15 things you need to fathom

and  impending  benefits  of  IE8,  Firefox,  Chrome, 


Calls  for  savings 


Maximize  your  return  on  IT  ■  www.networkworld.com 


March  30  -  April  6,  2009  ■  Volume  26,  Number  13 


“We can save you money,” was message No. 1 from vendors at last week’s VoiceCon. Page 12.


Should the government be able to shut off the Internet?

Federal legislation introduced last week would give President Obama the power to declare a cybersecurity emergency and shut down public and private networks. Page 12.


LTE comes into focus at CTIA Wireless show

Widely hyped 4G technology moves closer to becoming reality. Page 16.


Experts say ‘clouds’ need a security umbrella

BY JON BRODKIN

If cloud computing is to move beyond the hype cycle, vendors need to put aside their differences and agree on common principles related to security and the interoperability of cloud platforms, a number of industry players are saying.

Two events last week demonstrated rising interest in making security a priority and creating an open infrastructure that lets applications and data move freely from one cloud to another.

ING  and  eBay  highlighted  a  mix  of 
user  companies  and  vendors  that 

See  Cloud,  page  18 




Enterprise  use  of  the  cloud 

26%  use  the  cloud  for  IT  management 
applications 

25%  for  collaborative  apps 

23%  for  business  apps 

17%  for  application  development 
and  deployment 

16%  for  additional  server  capacity 
16%  for  additional  storage  capacity 

24  4  RESPONDENTS.  SOURCE:  IDC 


10 tips for cutting your IT expenses

BY DENISE DUBIE

With tech budgets shrinking, network professionals are spending less time planning new purchases and more time trying to cut costs and squeeze more value out of existing IT resources.

“Cost reduction and cost containment is a priority, and this economic downturn is really a catalyst to become more efficient and better use the things we already have,” says Jake Seitz, enterprise architect at the financial services group The First American Corp. “If everything was rosy, we probably wouldn’t be focusing so intensely on efficiencies right now.”

The Santa Ana, Calif., company established a task force to find the hidden gems amid its software and high-tech tools, Seitz says.

Seitz isn’t alone. Many IT industry professionals realize they can find more uses for tools their company already owns and even kick off new initiatives without requesting any new funding. Here we’ve culled 10 ideas to consider.

1. Pool troubleshooting resources

Identifying areas in which staff can collaborate and more easily share information helps Brian Jones reduce manual efforts and improve response times when troubleshooting problems.

Jones, manager of research and network engineering at Virginia Polytechnic Institute and State University’s Tech Communications Network Services unit in Blacksburg, says his group recently moved in-house, off-the-shelf and open source tools into one centralized location with the help of wiki software from Confluence — which he had on hand prior to the downturn. The software lets the network engineering and operations teams
See  Cost-cutting,  page  14 


■  The  most  overlooked 
switch  and  router 
features.  Page  15. 
COOLTOOLS

■ FreeAgent Theater HD media player lets users view photos, listen to music and watch videos.

See Cool Tools, page 22.

22 Keith Shaw: Seagate’s entertainment foray.

8 Catch up on the latest online stories, blogs, newsletters and video.


■ CONTACT Network World, 492 Old Connecticut Path, Framingham, MA 01701-9002; Phone: (508) 766-5301; E-mail: nwnews@nww.com; ■ REPRINTS: (717) 399-1900; ■ SUBSCRIPTIONS: Phone 877-701-2228; E-mail: nww@omeda.com; URL: www.subscribenww.com


SPECIAL FEATURE

Some argue that computer science is crucial to competitiveness, others say business skills are more relevant today. PAGE 23

April  Fool’s  rules 

April  Fool’s  Day  has 
become  just  about 
everyone’s  favorite 
holiday  on  the 
Internet,  with 
everyone  from 
the  IETF 
(floated  idea 
for  end-to-end 
NAT  for  the 
Internet)  to  Google  (a  3D  Web  browser, 
CADIE  the  super-cute  panda  and  Gmail 
Autopilot,  which  can  automate  responses 
to  relationship-related  e-mail)  getting  in 
on  the  act. 

DoS attack knocks some UltraDNS customers offline

NeuStar confirmed that some of its UltraDNS managed DNS service customers were knocked offline for several hours Tuesday morning by a distributed denial-of-service attack. "Early this morning, our monitoring systems detected a significant denial-of-service attack, which affected a small subset of our customers, in some cases for as long as a few hours,” the Reston, Va., company said in a statement. "While we continue to investigate the cause, the extent, and the duration of the attack, service was completely restored by 10 a.m. EST.” NeuStar is a leading provider of high-availability DNS services to e-retailers including J. Jill and Diamond.com as well as high-tech companies such as Oracle and Juniper.

Gartner and Forrester agree: IT spending drops

Forrester Research is now predicting that U.S. IT spending will drop by 3.1% this year, shattering its previous projection of a 1.6% increase. Globally, Gartner says IT spending is expected to decline nearly 4% in 2009 over the previous year as the current recession will see more losses than the dot-com bust in 2001. “The IT market slowdown will be worse than 2001, that downturn was tech-related. Today there is a general slowdown in demand for products and services across the board and IT spending is not immune,” said Richard Gordon, research vice president of global forecasting at Gartner.
Conficker and Y2K: Better to be safe than sorry

Re: Conficker activation passes quietly, but threat isn’t over (www.nwdocfinder.com/9429):

Y2K wasn’t hype. If nothing had been done, there would have been some pretty dramatic repercussions. If you don’t believe me, set your system date to 1980 and see how much fun you'll have opening files. Sorry, trying to open files. It's because back then the people in the industry worked really hard, and some really long hours, so that the “Y2K bug” is now considered hype. And it was everything from code to hardware that had to be taken care of. You can’t imagine how many lines of code, in languages from BASIC and C to COBOL had to be modified. Some companies spent a few years working on it. Then there were all those PCs that had to be tested. Not just to see if the BIOS would roll over correctly (meaning changing the date from 1999 to 2000), but how many applications would recognize it as well.

Now, once again, those in the industry are taking care of business. If you read the article, you would have seen that the threat isn’t over, and, it’s possible that today was a ruse.

Anon

Experience trumps degree in tough job market

Re: Would you hire the guy with the CS degree, or not? (www.nwdocfinder.com/9430):

I remember back in the dot-com days, companies were ripping kids out of college before graduation and giving them jobs starting at 80K. Since I was still in high school during those, I didn’t get to take advantage.

But when the dot-com bubble burst, the job market became very competitive. So the rule of thumb quickly became, what can you do to make yourself look better than the competition? Unfortunately, with the current recession, that seems to be the case again.

I have my bachelor’s degree and CCNA (working on CCNP). But after working in this industry for a few years you quickly learn that it really doesn’t matter if you went to college or not. I have several co-workers who didn’t go to college. The only thing that does matter is experience. The more experience you have the more money you’ll make. Degrees and certifications are used to get you up the ladder quicker.

The only real valid argument for having a college degree is that certifications expire. College degrees will last you a lifetime. Plus if you ever have an inclination to move out of the trenches and become a CTO or CIO, the college degree will most likely be required.

DePaul

Mobile Skype: Idea sounds good, but not the calls

Re: Mobile Skype: The end of cellular as we know it (www.nwdocfinder.com/9431):

So, Skype on an Internet connection without QoS where the VoIP packet is prioritized for real time conversations is just going to sound terrible. That’s what these articles never explain. Anyone in the telecom industry knows that VoIP calls over the Internet is hit and miss for quality. Now, it’s true telcos have been using VoIP on their backbone for years, but on their private network, thus they control the data and prioritize it. The real game changer will be when the Internet can support QoS. Until then, sure you can save money using the Internet to route your calls, it just isn’t going to sound that great.

Transporter2000

Cisco should practice what it sells

Re: Should Cisco lower pricing on Cisco Live due to the horrible economy and massive layoffs? (www.nwdocfinder.com/9432):

OK, so Cisco is all about virtual presentations. Why not have four regional sites in the U.S. to lower travel costs? They could use the same staff to present at all four using telepresence. Beyond that, it would be nice if they would try some “tier II” locations that would be cheaper.

Ben Story

E-mail letters to jdix@nww.com or send them to John Dix, editor in chief, Network World, 492 Old Connecticut Path, Framingham, MA 01701-9002. Please include phone number and address for verification.
VIDEO INSIDER DEBUT:

Server virtualization's meteoric rise

Our new Video Insider series (part 1 of 3) puts the spotlight on server virtualization — get an overview of the technology from top analysts and see where the market is headed.

www.nwdocfinder.com/9426
Controlling robots via brain power

Forget remote controls. In the future you might be able to switch on and off gadgets using nothing more than the power of thought.

www.nwdocfinder.com/9427

CTIA: Samsung shows mobile WiMAX device

At CTIA, the electronics giant unveiled the Mondi, a mobile Internet device that will run on Clearwire's WiMAX data service.

www.nwdocfinder.com/9428
Free tools for the virtual world
■ 15 foolish high-tech stories. Layer 8 blogger Michael Cooney celebrates April Fool's Day with stories on space, murder, fire, iPhones and text messages. In a year plagued by foolish Wall Street executives, financial shenanigans and just plain craziness, there have been a ton of foolish happenings. What we have here are 15 of the most interesting foolish follies that should at least make you wonder about the sanity of the world. A few of the stories include the economic stimulus stimulates scamming fools; no iPhones, iPods in Mr. and Mrs. Bill Gates’ house; and the topper is the battle between two companies over a bodily-function noisemaking application? In this case iFart is now brawling with Pull My Finger for iPhone fart sounding dominance and copyright issues.
www.nwdocfinder.com/9434

■ Conficker and our “Cold War” view of malware. With the hype of the past week in anticipation of another Conficker attack on April 1, Microsoft Subnet blogger Mitchell Ashley looks at how and why the worm spread so successfully. We’ve been conditioned through these experiences to look for and expect the next “big attack". But massive attacks like Blaster, Sasser and Code Red don't happen much because we are prepared for them. Instead, attackers are taking much different approaches to developing malware. Conficker has focused on rapidly creating multiple concurrent variants, better techniques for evasion from detection like laying out false leads for security researchers, and most importantly, contains no malicious payload. Conficker has been very successful at spreading, in part because there’s been no apparent negative consequences, so we haven't marshaled the resources to stop its spread. No harm, no foul — at least so far.
www.nwdocfinder.com/9435

■ When a computer science degree matters, and when it doesn’t. Many of our bloggers followed up on a story about whether a computer science degree was worth the effort these days. Blogger Tyson Kopczynski says it all depends on the fact that the dynamics of IT have drastically changed. Gone are the days of the basement people (yes they still exist ... shivers) where there was a clear dividing line that kept business, marketing and political science majors on one side of the room and IT geeks on the other. Instead, IT is now part of an organization such that an organization needs IT to survive. Thus, all aspects of IT and the business world are intertwined.
www.nwdocfinder.com/9436


Network management: IT managers don’t need a recession to appreciate free downloads of useful tools, but many vendors today are packaging scaled down applications and utilities as freeware to help customers take on virtual environments. Most recently VKernel introduced a free virtual machine documentation tool for VMware ESX server environments, dubbed SnapshotMyVM. The stand-alone application documents and inventories all virtual machines and helps to eliminate manual processes around managing virtual environments. According to the vendor, the free application collects virtual machine name, guest operating system, host hardware type, manufacturer and version, virtual machine resource configurations and virtual machine utilization statistics. “Documenting physical servers is one of a systems administrator’s least desirable and time-consuming tasks. In a virtual data center, it becomes even more challenging as the environment is dynamic and static documentation becomes quickly outdated,” said Alex Bakman, founder and CEO of VKernel.
www.nwdocfinder.com/9422

Tech exec: The concept of drawing data from multiple applications to feed another application or report is nothing new. Programmers have been doing this for decades. A new twist to this old concept is to use the Web to aggregate data and logic from different applications — often from different services providers — to populate a new application. In Web 2.0 terminology this is called a “mashup.” Mashups are gaining widespread popularity, especially with consumer-oriented applications. For example, on Starbucks.com, you can enter a zip code to find a nearby location. A mashup aggregates data that builds a map showing locations of the closest stores, as well as a list of events scheduled for each store. All the data is assembled on the fly based on the zip code you enter. Mashups are making their way into business-oriented applications, too, as they offer the promise of faster deployment of business functionality. Mashup technologies can combine internal data or services with external information or services to quickly create a new service for the business user. For example, an oil field services company has a database of all the locations of its wellheads. By combining the internally owned GPS location data with externally provided satellite images, an engineer sitting at his desk can view the area surrounding the wellhead to visually survey the right-of-way area around the wellhead.
www.nwdocfinder.com/9423
Conficker activation passes, but threat isn’t over

An expected activation of the Conficker.c worm passed without incident, but security researchers said users aren’t out of the woods yet. Conficker.c was programmed to establish a link from infected host computers with command-and-control servers at midnight GMT on April 1. That process has started, researchers said. “We have observed that Conficker is reaching out, but so far none of the servers they are trying to reach are serving any new malware or any new commands,” said Toralv Dirro, a security strategist at McAfee Avert Labs, in Germany.

This may just mean the people who control Conficker are biding their time, waiting for researchers and IT managers to relax their guard and assume the worst is over. “These guys are very sophisticated, very professional, very determined and very measured in how they implement and make changes to things,” said Paul Ferguson, a threat researcher at antivirus vendor Trend Micro, adding that Conficker.c is better defended and more survivable than previous versions of the worm. Exactly how many computers are infected with Conficker.c is not yet known. Experts had pegged Conficker infections in the 2 million to 4 million range, but new numbers from IBM’s Internet Security Systems division suggest that they may be much higher, perhaps in the tens of millions.
www.nwdocfinder.com/9438


Google Ventures looks to invest in start-ups. Markets may be down and investors depressed but it apparently believes this is a good time to invest in start-up companies. Last week the company announced the creation of Google Ventures, a venture capital fund that aims to invest in a broad array of technology-related industries, including software, hardware, clean energy, biotechnology and healthcare. “We think we can find young companies with truly awesome potential and encourage their development into successful businesses,” wrote Bill Maris and Rich Miner, the two executives charged with leading the venture fund, in a post on Google’s blog. Maris has worked with start-up companies for 10 years and Miner led the development of Google’s Android operating system for mobile phones.
www.nwdocfinder.com/9439


Feds give $50B IT services deal a second try. The U.S. federal government has chosen 59 IT services firms, including AT&T Government Solutions, Nortel Government Solutions, IBM and Verizon Business, for a government-wide IT services program called Alliant that could be worth $50 billion over the next 10 years. Alliant is an umbrella program open to all federal government agencies for purchasing systems integration, technical support and other IT management services. The Alliant awards are a re-compete for the U.S. General Services Administration, which originally awarded contracts in 2007 that were later thrown out by the U.S. Court of Federal Claims. “Alliant has been held up in court for problems with the source selection processes,” explained Ray Bjorklund, senior vice president of Federal Sources, a consulting firm. “The court offered GSA a variety of options, and GSA chose to do the procurement over again.”
www.nwdocfinder.com/9440

Windows server targets branch, small office users. Microsoft has rounded out its server lineup for small and midsize businesses with the release of Windows Foundation.

At its heart, Foundation is Windows Server 2008 Standard Edition, but the operating system is encumbered by a set of limitations that include running only on a single-processor, 64-bit server with a maximum of 8GB of memory. Foundation does not support virtualization, but will support any software certified for Windows Server 2008. The server, which has a user limit of 15, is designed to provide small businesses with entry-level support for such tasks as file and print, remote access or running business applications. Experts, however, say that larger companies might find Foundation a fit for small branch offices as a dedicated on-site server managed remotely. “For larger businesses that have Windows skills and remote offices with few people in them, this is a killer solution,” says Al Gillen, an analyst with IDC. “It is cost effective, and they only need a one processor unit.”
www.nwdocfinder.com/9441


Fedora 11 beta posted with new security, developer features. The Fedora Project released a beta of the next version of its free Linux operating system with new security, desktop and developer features that provide a glimpse of the direction Red Hat could take with its enterprise Linux distribution. New Fedora 11 features include an automatic-content installation tool that lets users automatically download a font, feature or even an application if they come across a file that needs an extension not found locally on a PC. Fedora project developers also have added security for virtualized containers running on the OS by extending Fedora’s security model, SELinux. A new cross-compiler for Microsoft Windows applications will let developers build applications for the Windows OS on the Fedora system. The final release of Fedora 11, code-named Leonidas, is scheduled to be available by the end of May.
www.nwdocfinder.com/9442

Rackable buying SGI for $25 million. Rackable Systems plans to buy the assets of bankrupt Silicon Graphics for roughly $25 million, and will also assume certain liabilities. Rackable will gain hardware and software technologies related to high-performance computing, allowing it to build systems that can process complex algorithms for scientific computing and other environments. It will also get access to SGI’s customers in the government, scientific and academic sectors. SGI filed for Chapter 11 bankruptcy last week in New York. The asset sale, which is subject to approval by the bankruptcy court, is expected to close within 60 days. SGI, which had posted a net loss of $49.2 million in its second quarter, will continue operating while the deal closes.
www.nwdocfinder.com/9443

IBM, Mayo form open-source health IT consortium. Biomedical informatics researchers at IBM and the Mayo Clinic have launched an open source consortium in an effort to help doctors share diagnosis and treatment information. The Open Health Natural Language Processing Consortium will focus on technology to allow for large-scale data aggregation, allowing doctors to mine medical records in their specialties to find similar cases to study before making difficult diagnoses or before determining treatment. Doctors will be able to review any physician notes on similar cases, but no personally identifiable patient information will be available in the database. With the launch of the consortium, the two organizations have released two projects under open source licenses, one focused on clinical notes and one on pathology reports. The consortium is using the Apache license, Version 2.0.
www.nwdocfinder.com/9444
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VoiceCon:  It’s  all  about  the  savings 


BY  TIM  GREENE 

ORLANDO  —  Last  weeks  VoiceCon  Orlando 
was  just  as  much  about  how  to  save  money  as 
it  was  about  the  hottest  technology  —  unified 
communications  —  and,  in  fact,  UC  was  tout¬ 
ed  as  a  way  to  go  about  sav¬ 
ing  money 

UC can get rid of desk phones, make multivendor
legacy PBXs work together, increase worker productivity,
decrease sales cycles and improve customer satisfaction
with contact centers, the roughly 5,000 attendees at the
show were repeatedly told in keynote addresses, sessions
and on the show floor. Despite the bad economy, the
estimated attendance was about the same as last year,
and the number of companies exhibiting was 117, compared
with 127 last year, a show organizer said.

One user says enough of the hype about UC
is true that after a 500-person trial of Microsoft’s
Office Communication Server 2007, he plans to
roll it out to 17,000 more users by May. “The goal
is to increase productivity and shorten sales
cycles,” said Andreas Arrigoni, head of collaboration
services for telecom carrier Swisscom.

Arrigoni said the gear reduces the time it
takes to close a deal by 20% and also saves
each employee 20 minutes per day.

Kraft Foods is trialing Avaya UC to see how
users will change the way they work when presented
with UC tools. The company moved a
500-member team into an open workspace
with no wired phones or data network and
relying on Avaya UC, said Thomas Behnke,
head of global managed network services for
the company.

Mobility in the office is the top priority.
Workers use wireless laptops, iPhones and
even wheel around their own file cabinets. The
only network service provided is electricity.
Kraft is working with Avaya for a native iPhone
application that will support full UC collaboration,
Behnke said. And the company is saving
money through reduced infrastructure costs
and moving from TDM carrier services to
Session Initiation Protocol (SIP), he says.

While definitions vary, UC is the blend of
voice, video, instant messaging, conferencing,
collaboration and applications that can enrich
users’ communications and help businesses
work more effectively.

Demonstrations ranged from Avaya’s mashup
of its UC platform with Facebook that creates
an online sales-support tool, to Cisco’s recording
of a high-definition video distributed in formats
appropriate to high-definition devices as
well as PCs and handhelds, to IBM’s integrating
phone systems by three vendors into a single
system that shared presence information.

With cost cutting the main message of the
show, most of the high-profile presentations
couched the savings as a short-term benefit of
the initial investment in UC, with greater rewards
to be reaped later. “Align your company
for the rebound,” said Gurdeep Singh Pall, vice
president of Microsoft’s unified communications
group. “When the climate changes you will need
to leapfrog your competition.”

Major UC vendors IBM and Avaya used VoiceCon
Orlando as the platform for unveiling new technology.
In the case of IBM, it was interoperability between
its much awaited IBM/Lotus Sametime Unified Telephony
Server, expected in July, and telephony gear made by
the who’s who of telecom equipment manufacturers —
Alcatel Lucent, Avaya, Cisco, Dialogic,
GN Netcom, Mitel, NEC, Nortel, Plantronics,
Polycom, Psytechnics and Siemens.

When the server does come out, it will enable
immediate cost savings by boosting the functionality
of corporate communications networks
without having to rip out what’s there.
“Save costs this year and reap benefits that are
exponential,” said Bob Picciano, general manager
of IBM software.

Avaya also announced a server that ties multivendor
PBXs together in an architecture the
company calls Aura. Based on SIP, the architecture
can embrace multiple Web applications
easily to build custom business software, said
Avaya CEO Kevin Kennedy.

Cisco’s big news at the show was about telepresence,
the immersive videoconferencing
technology that uses high-definition, widescreen
monitors to create the impression that
participants at different sites are sitting across
the table from each other.

The company announced a telepresence
unit that supports high-quality video and
audio, but not the illusion that dispersed users
are in the same room.

Other vendors such as AVST made their own
UC advances. The company launched Version 8
of its CallXpress communication platform,
which introduces a personal assistant that
draws presence information from Microsoft
and IBM/Lotus calendars and contact management
software and extends it across a business
network.

The beleaguered but still significant business
communications vendor made an appearance
at the conference, but its ongoing bankruptcy
proceedings continue to overshadow just
about anything else it does. Joel Hackney, president
of Nortel’s Enterprise Solutions, said
despite the January filing for bankruptcy, orders
for Nortel gear were on par with what they were
a year ago.

He points to May 1 as the day when the company
will reveal its restructuring.

Rumors flew at the show that Avaya — privately
held with ample cash — and Siemens
were interested in Nortel’s enterprise division
or at least its business-telephony segment, but
Hackney said he couldn’t talk about details of
the agreement being worked out in court. ■


Bill would give Obama
power to shut down 'Net

BY JOHN FONTANA

Federal legislation introduced in the Senate
last week would give President Obama the
power to declare a cybersecurity emergency
and then shut down both public and private
networks.

The proposed legislation, introduced April 1,
also would give the president the power to
“order the disconnection of any federal government
or United States critical infrastructure
information systems or networks in the interest
of national security.”

Some critics of the bill say that phrase needs
to be more clearly defined.

“We are confident that the communication
networks and the Internet would be so designated
[as critical infrastructure], so in the interest
of national security the president could
order them disconnected,” says Leslie Harris,
president and CEO at the Center for Democracy
and Technology (CDT), which promotes
democratic values and constitutional liberties
for the digital age.

Harris and the CDT don’t think such sweeping
power is good news, including private networks
that could be shut down by government
order. Those same networks would be subject
to government mandated security standards
and technical configurations.

The bill says the president must have a comprehensive
national cybersecurity strategy in
place 12 months after the bill passes.

“This is pretty sweeping legislation,” Harris
says. “Seems the president could turn off the Internet
completely or tell someone like Verizon
to limit or block certain traffic. There is a lot to
worry about in this bill.”

See Cybersecurity, page 35
CASE STUDY

Unified  Communications 

Bringing  New  Meaning  to  “Legal  Ease” 


Rod  Sagarsee,  CIO 

BRINKS  HOFER  GILSON  &  LIONE 

Sagarsee  has  been  the  leader  of  the  law  firm's  IT  department  since  1996 
and  has  been  CIO  since  2003.  He  has  more  than  25  years  of  experience  in 
the  technology  industry. 


Unified  communications  is  changing 
how  Brinks  Hofer  Gilson  &  Lione,  a 
Chicago-based  intellectual  property  law 
firm,  does  business.  Chief  information 
officer  Rod  Sagarsee  discusses  how  the 
adoption  of  VoIP  is  helping  Brinks  to 
enhance  attorney  productivity  and  take 
client  service  to  new  heights. 

What  was  the  communications 
challenge  facing  Brinks? 

The field of law is very demanding of
technology, especially around voice. Yet,
we had antiquated phones with limited
voice functionality, zero-converged
networking capabilities and unacceptable
bandwidth—all of which flies in the
face of exceptional client service. We
needed to develop a unique topology
and network infrastructure that would
support new voice protocols and unified
communications, as well as consistent
five 9s QoS. VoIP was definitely going
out on a limb, but it’s our job to provide
our attorneys with every opportunity to
accomplish their goals and Avaya was the
best way to do that.

How  has  that  been  resolved? 

The Avaya solution has given our users
an entirely different way to communicate
and serve clients through a converged
network topology. It has taken our firm
from a single-line phone and voicemail
mentality to that of multiple lines,
converged voicemail and email, instant
notification, toll-free conferencing and
complete mobility. In fact, our
attorneys can use whatever mobile device
they want. And, Avaya's non-proprietary
nature allows for integration with other
systems, like Microsoft solutions. Our
firm is now on the forefront of emerging
technology—collaborating and servicing
clients instantly with voice, video and
data from anywhere.

What  are  some  of  the  resulting 
benefits? 

We’ve reached a whole new level in
communication. Attorneys can handle
multiple calls at the same time, receive
immediate notification of new messages
no matter where they are, extend calls to
their cellular phones, initiate meet-me
conference calls and more. They can
even integrate impromptu video and
desktop sharing of data and documents.
These value-added functions have
given us a competitive advantage in terms
of productivity and client services. Additionally,
we’ve lowered our TCO by cutting
$18,000 per month in phone charges
and eliminating third-party conference
service charges.

Technically speaking, the steady dial tone
gives my team much-needed peace of
mind. Also, little to zero server-level and
switch-level maintenance, coupled with
reduced front-end user maintenance, is
a dream come true. Most importantly,
we now have a foundation for mass
expansion, additional bandwidth and the
ability to support higher-level unified
communications.

What  did  it  take  to  roll  out  the 
new  network? 

Our users are accustomed to 24/7 uninterrupted
service, so replacing 400+
phones and switching to Avaya was a
significant undertaking. I’m fortunate to
work with a highly skilled team and we
accomplished it all over one weekend—transparently
to users who left on Friday
and returned on Monday to new phones
and capabilities. And, we did it with very
little third-party assistance.

What  advice  would  you  give  those 
considering  unified  communications? 

Research, plan, test and, most importantly,
openly communicate with and train
your users well ahead of implementation.
Communication puts users at ease and
lets them know that it’s still just a phone.
After all, it’s often the unknown that overwhelms
users, not the actual technology.
Cost-cutting

continued  from  page  1 

access data, documentation and tools from one
toolbar.

“This way staff has the documentation it
needs to address the problem as well as the
ability to launch the tools to resolve the issues
from that same toolbar,” Jones explains. “It has
cut down on the time it takes to find the resources
you need.”

2.  Use  SNMP  to  track  power  usage 

With green computing initiatives top of mind
for their potential cost savings, many IT departments
are tasked with trying to find ways to
capture the power and then reduce it across
the environment. Without new tools, that task
might seem a bit daunting.

Shane Bordeau, senior regional manager of
strategic accounts at network performance
management vendor NetQoS, explains that IT
managers can use SNMP Management Information
Bases to monitor power consumption
— without spending a penny.

IT managers can turn on SNMP polling across
various devices, such as light systems, and monitor
power usage and thermostat levels without
investing in power monitoring tools. Bordeau
says the metrics can be captured, tracked, averaged
and compared against bills to trend
where unnecessary costs are accruing.

3. Tap collaboration, social networking tools

Naveed Husain isn’t feeling the penny-pinching
effect of the recession as much as others in
his field, he says, because he works in public
education — where every dollar needs to be
stretched into three.

“We have never been able to throw money at
things, so we buy things we know can be used
in a variety of ways,” says Husain, CIO at Queens
College, a City University of New York public
educational institution.

For instance, instead of investing in software
to revamp the university’s Web site and separate
tools for project management, Husain
tapped an existing enterprise Microsoft SharePoint
license to do both. The collaboration software
helped Husain build a standard look and
feel across Queens College’s various departments
and not spend a cent.

“The whole idea when we decided to use
SharePoint was to leverage what we were
already spending money on, so we can really
get everything out of it possible,” he explains.

Husain also is putting social networking to
use by building Facebook pages for university
departments.

“This isn’t cutting edge or new, but our students
are already using this application and it
is available to us for free so why not meet our
customers there and provide them the resources
they need in a setting they are comfortable
with,” Husain says. “And it’s free for us.”

4. ‘True-up’ maintenance/software license
contracts

An economic downturn provides the perfect
opportunity to take an inventory of network
devices and software licenses, track actual
usage and associate a cost with what gets used
in the environment and by whom.

“True-up maintenance contracts,” says Lou
Nardo, Netcordia’s vice president of product
management. “[It will] help stop over-paying
on network device maintenance beyond what
is still owned and deployed.”

John Turner, director of networks and systems
at Brandeis University, adjusts his organization’s
maintenance contracts during tough
economic times. With some 900 edge switches,
“it makes sense for us to put maintenance on
core equipment and just spare the edge switches,”
Turner says. He adds that having maintenance
on all the switches costs more than having
a few spares on hand in case one breaks.

“It’s a risk and that shows up under the warranty,
but we do the same no-maintenance
with access points and VoIP phones,” he says.


“We can fix a VoIP phone in-house with a spare
part and 20 minutes of labor for about $13. You
turn to such methods in hard times, but really
they make sense in any economic times.”

John Turner

Director of networks and systems, Brandeis University

5.  Repair  existing  equipment 

Brandeis’ Turner also thinks more companies
could get better at repairing equipment or replacing
power supplies when times get financially
tough. For instance, the cost to buy a new
VoIP phone could be $400, when the price for
repairs is more like $120. Even less expensive is
the do-it-yourself option. “We can fix a VoIP
phone in-house with a spare part and 20 minutes
of labor for about $13,” Turner says. “You
turn to such methods in hard times, but really
they make sense in any economic times.”

6.  Enable  NetFlow  and  IP  SLA 

Turning features on in network hardware can
deliver volumes of meaningful data and reduce
manual efforts for IT managers. For instance,
Cisco equipment includes features such as NetFlow
and IP SLA, both of which often remain
dormant unless activated.

“These features are built right into Cisco IOS
and turning them on delivers traffic flow and
performance data without spending more
cash,” says Josh Stephens, vice president and
head geek at SolarWinds.

7.  Eliminate  unauthorized  application  and 
device  use 

The recession has many IT managers thinking
they should lock down application and device
usage in favor of business-critical demands. But
many don’t realize they can gather the necessary
data without investing in more tools.

According to Russ Currie, director of product
management at NetScout, the company’s
nGenius Performance Manager product can
be configured to deliver Web site
statistics via a dashboard feature. Rather than
investing in a new tool to monitor Web traffic,
one customer used nGenius to ensure his site
could handle the load of dozens of employees
simultaneously watching the presidential inauguration
online at work.

“If you know there is an event coming, establish
the filters and get that data right in front of
you. If behavior impedes business, lock it
down,” Currie says.

8.  Fine-tune  existing  network  gear 

Seitz realizes that even though funds are
dried up today, customer demand for IT innovations
will continue at a breakneck pace.
That’s why he’s working with F5 Networks to
review his network infrastructure and find
ways to add intelligence to the gear to improve
application delivery to mobile users.

“We  have  some  2,000  applications  that  we 
run  and  it  would  be  impossible  for  us  to 
support  a  separate  code  base  just  for  mobile 
devices,”  Seitz  says. 

9.  Restructure  staff 

With payroll budgets strapped, it’s a good idea
to take inventory of in-house talent and realign
IT pros to the job most suited for them. Virginia
Tech’s Jones is doing this as part of an effort to
make the university’s enterprise systems accessible
from PDAs and other mobile devices.

“We are looking at the big picture and realizing
we need to make our apps easier to back
up and maintain and that we have the programming
knowledge in-house to do that without
having to turn to a vendor,” Jones says.

10.  Squeeze  more  from  freeware 

Freeware and open source applications have
become a must-have for many IT shops these
days. For John Kokidko, network operations administrator
at Georgetown University, an open
source application called Netdisco helps him
discover the network, see what’s on ports and
potentially lock out threats.

“We started using Netdisco because we
needed to control infected devices via port
shut-offs on our network. But because our network
is ever-expanding, the app is now getting
used beyond our original intention and helping
us discover and view the network in a logistical
sense,” he explains. ■
Five overlooked router, switch features


BY  JIM  DUFFY 

It’s  been  said  that  Microsoft  Word  users  only 
exploit  10%  of  the  software’s  capabilities. 

The same might be true of those managing
enterprise LAN switches and routers, a habit
that might be costing organizations in unnecessary
purchases and manpower at a time
when every penny counts.

An informal canvass of some leading switch
and router vendors found that customers use
less than half of the systems’ capabilities.
Among the more overlooked features are specific
functions within network management
and security, vendors say.

“Eighty to 90% of users use about 10% to 15%
of switch features, maybe 20%,” says Ananda
Rajagopal, director of switch product management
at Brocade. “It is true that a lot of the
capabilities are often not used by customers.”

In many cases, it’s a lack of awareness of
those capabilities, Rajagopal says. And at times,
this lack of awareness and implementation
could have a dramatic effect on the network in
terms of security levels and visibility into traffic
behavior, he says.

Some  of  the  most  overlooked  features  are: 

• IEEE 802.1X for user identification and
authentication.

• NetFlow or sFlow traffic sampling.

• IPv6.

• LLDP-MED, for dynamically provisioning
power levels to devices.

• Ethernet OA&M, for troubleshooting Layer 2
Ethernet networks, a feature that “99% of customers
are not aware of,” Rajagopal says.

Overlooking  802.1X 

The IEEE standard 802.1X is defined for port-based
network access control (NAC). It provides
user and device authentication for LAN
access, and is commonly used for 802.11 wireless
access points.

It  is  not  commonly  used  for  wired  network 
access,  vendors  say,  even  though  it  can  be. 
Some  vendors  are  perplexed  as  to  why  it  is  not 
and  say  they  have  to  enlighten  users  to  its 
applicability  when  they  wish  to  enhance  NAC 
authentication  for  wired  networks. 

“It’s  second  nature  in  the  wireless  world  but 
not  in  the  wired  world,”  says  William  Choe, 
director  of  the  Ethernet  switching  technology 
group  at  Cisco. 

A Gartner survey last year found that customers
are increasingly willing to use 802.1X-based
NAC, but that inhibitors include a large
installed base of switches that don’t support
the standard. Those customers will wait out
802.1X until they upgrade their switches, the
survey found.

NetFlow,  sFlow  not  tracking 

NetFlow is a Cisco-developed method for
collecting IP traffic information, which can be
used to visualize traffic flows and volume in a
network to help with capacity planning, pinpointing
unusual or malicious behavior, billing and
other tasks.

“It  tells  you  by  user,  by  application,  what’s 
consuming  all  of  your  network  resources,” says 
Trent  Waterhouse,  vice  president  of  marketing 
at  Enterasys  Networks. 

Yet despite its promised benefits, NetFlow is
the “most overlooked capability” on Enterasys
switches, Waterhouse says. He adds that 17% of
the company’s support center calls are related
to features and functionality already embedded
in Enterasys switches for security or policy
management.

“We don’t want to be like Microsoft Word,
where only 10% of our features are used,” Waterhouse
says. “We want to make the management
software facilitate the feature usage so you get
that built-in priority and security protection.”

Enterasys customer University of North
Carolina (UNC) uses 50% of the features on its
switches, says Mike Hawkins, associate director
of networking at the college. Though he did not
quantify the dollar savings, Hawkins says using
half or more of the available switch features —
such as role-based network access policies, or
remote port-based RMON packet capture, or
management information bases that maintain
a history of everything broadcast on a switch
port — does reduce costs for UNC via increased
uptime, automated operation and decreased
manpower.

“We  use  more  of  the  features  so  we  don’t 
have  to  have  as  many  people”  operating  and 
managing  the  network,  he  says. 

“I  know  when  I  solve  problems  quicker, a  user 
is  back  online  quicker,”  Hawkins  says.  “How 
much  is  that  user’s  time  worth?  That’s  the 
money  I  save.  And  I  don’t  have  to  send  anyone 
out  into  the  field.” 

One of the capabilities UNC does not use on
the Enterasys switches is flow setup throttling,
which lets users take action — such as slowing
down traffic or shutting off a port — on a certain
number of flows on a link or port if those
flows are determined suspicious or potentially
malicious. Hawkins says he may use it as more
video traffic traverses the UNC network.

Another traffic monitoring feature, the IETF
specification sFlow, is also commonly overlooked
or not enabled, vendors say. The sFlow
capability captures traffic data by using a sampling
technology to collect statistics from
switches and routers.

Sampling makes it applicable to gigabit and
higher speed networks, vendors say. And like
NetFlow, it provides more granular visibility
into network behavior, they say.
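
An added illustration, not part of the original article and not any vendor's implementation: the Python below takes sampled packet headers of the kind a sampling export such as sFlow delivers, scales them by the sampling rate to estimate traffic per switch port, and applies a flow-setup-throttling style decision per port. The sampling rate, thresholds, port names, addresses and the four-field flow key are all assumptions made for the example.

```python
"""Per-port flow monitoring from sampled packet headers, with a
flow-setup-throttling style decision for each switch port."""
from collections import defaultdict

SAMPLING_RATE = 100        # assumption: the switch exports 1 packet in 100
RATE_LIMIT_FLOWS = 50      # assumption: distinct flows per interval before slowing a port
DISABLE_PORT_FLOWS = 200   # assumption: distinct flows per interval before shutting a port


def make_samples():
    """Constructed sample data for one polling interval.

    Each record is one sampled packet header:
    (switch_port, src_ip, dst_ip, dst_port, protocol, packet_bytes).
    """
    samples = []
    # Port ge.1.1: a workstation talking to a mail server, a proxy and a file server.
    for dst, dport in (("10.0.0.10", 25), ("10.0.0.20", 8080), ("10.0.0.30", 445)):
        samples.append(("ge.1.1", "10.1.1.15", dst, dport, "tcp", 1500))
    # Port ge.1.3: a busy host with 60 distinct destinations.
    for i in range(60):
        samples.append(("ge.1.3", "10.1.3.8", f"192.0.2.{i + 1}", 443, "tcp", 600))
    # Port ge.1.7: one host opening flows to 250 different addresses on one
    # service port, the pattern an infected or scanning machine produces.
    for i in range(250):
        samples.append(("ge.1.7", "10.1.7.99", f"198.51.100.{i + 1}", 445, "tcp", 64))
    return samples


def summarize(samples, sampling_rate=SAMPLING_RATE):
    """Return {port: {"flows_seen": int, "est_bytes": int}}.

    flows_seen counts distinct (src, dst, dst_port, protocol) keys among the
    samples. Because most packets are never sampled, it is a lower bound on
    the real number of flows, so thresholds must be tuned with that in mind.
    """
    flows = defaultdict(set)
    est_bytes = defaultdict(int)
    for port, src, dst, dport, proto, size in samples:
        flows[port].add((src, dst, dport, proto))
        # Each sampled packet stands in for roughly `sampling_rate` packets.
        est_bytes[port] += size * sampling_rate
    return {p: {"flows_seen": len(flows[p]), "est_bytes": est_bytes[p]} for p in flows}


def throttle_action(flows_seen):
    """Map a per-port flow count to the action an operator has configured."""
    if flows_seen >= DISABLE_PORT_FLOWS:
        return "disable-port"
    if flows_seen >= RATE_LIMIT_FLOWS:
        return "rate-limit"
    return "allow"


def evaluate(samples, sampling_rate=SAMPLING_RATE):
    """Summarize the interval and attach the throttling decision per port."""
    report = summarize(samples, sampling_rate)
    for stats in report.values():
        stats["action"] = throttle_action(stats["flows_seen"])
    return report


if __name__ == "__main__":
    for port, stats in sorted(evaluate(make_samples()).items()):
        print(port, stats)
```
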

Few  takers  for  IPv6 

IPv6 — the long-anticipated upgrade to the
Internet’s main protocol — is a feature that’s
mandated by the U.S. government. Among
other things, IPv6 promises improved network
security and management. But it has been
largely ignored by private sector enterprises
even though the protocol is incorporated into
a switch or router’s software license.

Users have found other ways to handle IPv4
address depletion, such as network address
translation, vendors say.

Its  lack  of  use  is  “a  little  bit  surprising  because 
of  the  cost  of  managing  IP  addresses,”  Cisco’s 
Choe  says.  He  says  one  reason  it  isn’t  used 
more  is  that  client  operating  systems,  such  as 
Windows  Vista,  provide  other  methods  for 
managing  IPv4  address  shortages  even  though 
they  incorporate  IPv6. 

Those that have embraced IPv6, such as
Google, say implementing the technology is
not that difficult and it will pay off in easier network
management.

Not that IPv6 doesn’t have its shortcomings.
A recent Internet Society report survey
found that business incentives are lacking.
Concerns remain about backward compatibility
issues with IPv6 and IPv4 as well,
according to the IETF.

Few discover LLDP-MED, Ethernet OA&M

Other standards, such as ANSI/TIA’s LLDP-MED
and the IEEE’s 802.3ah for Ethernet
OA&M, may be overlooked because of their
relative unfamiliarity or specific niche function.
LLDP-MED, which was defined to discover,
configure and provision power to Power over
Ethernet devices such as IP phones according
to policy, was approved and published in
2006.

But  wide  adoption  of  a  standard  discovery  or 
registration  protocol  for  phones  is  limited. 

The Ethernet OA&M aspect of the 802.3ah —
or Ethernet in the First Mile — standard
attempts to bring carrier-like management to
Ethernet access networks, such as discovery,
link monitoring, remote fault indication and
loopback detection.

Vendors say they are working to better educate
their customers on the full breadth of features
in their switches and routers before they
spend money unnecessarily — on a competitor’s
solution.

“There’s a lot of misunderstanding,” says Mark
Hilton, director of technical product marketing
at HP ProCurve. “Another vendor might say ‘you
need this feature,’ but we’ll show them how to
configure it on the switch.” ■
CTIA Wireless: LTE comes into view

Widely  hyped  4G  technology  moves  closer  to  becoming  reality 


Seen  at  CTIA  Wireless:  Motorola's  LTE  van;  new  phones  including  the 
Nokia  E71x  and  Palm  Pre;  "virtual  race  car"  developed  by  4G  antenna 
vendor  Powerwave. 


BY  BRAD  REED 

LAS VEGAS — In the two weeks prior to the CTIA Wireless
convention, Motorola’s team of technicians went to work
building an ad hoc 4G wireless network on top of the Las
Vegas Convention Center. The goal was to give convention
goers a live outdoor demonstration of Long Term Evolution
(LTE) mobile broadband technology by streaming live
high-definition video from the top of the facility into a moving
van.

The results were far from perfect, as the network equipment’s
location atop the convention center was not ideal for
propagation and thus led to jittery video, but the demonstration
served notice that LTE is starting to move out of carriers’
and device manufacturers’ test labs and into the real
world.

Widely expected to be the next major standard in mobile
broadband technology, LTE received a lot of attention from
both speakers and vendors at this year’s show, which attracted
1,000 exhibitors, a 10% increase vs. last year (CTIA officials
did not have attendance figures). As telecom carriers
talked about deploying LTE, there was a sense that the wireless
industry was reaching the end of an era. Specifically, it
seems that the days when cellular carriers would charge
users for voice services by the minute could be numbered.

Because LTE is built entirely around IP, wireless users will
be far more likely to make their calls using VoIP rather than
via traditional cellular networks, speculated AT&T Mobility
CEO Ralph de la Vega during a question and answer session.
In particular, de la Vega said LTE’s high bandwidth
meant that carriers would eventually move toward pricing
models that charge only for data volume, not for minutes.

“Once we deploy LTE, we will be able to sell more data at
a lower price than we do today,” he said. “The future trend
will be to just sell data. It’s a little too early to talk about rate plans for
LTE, but I think the way the world is going it will be about how much
data you want to buy.”

And it isn’t just the way that carriers price their voice services that
could change with the advent of LTE. Fred Wright, who serves as
Motorola’s senior vice president for cellular and WiMAX networks, predicted
that widespread LTE adoption would result in more manufacturers
designing mobile devices that place more emphasis on video
services and less on voice and data.

“I expect that LTE devices will have 4-inch display screens, for example,
which won’t have any buttons or keypads on [them],” he said. “It will
be a larger display screen than current smartphones... the reason for
this is that LTE will be all about video.”

Verizon  leading  the  charge 

Although carriers AT&T and T-Mobile have committed to deploying
LTE in the near future, it has so far been Verizon that has taken the lead
in getting the technology to the market. During his keynote address at
CTIA Wireless, Verizon CEO Ivan Seidenberg said his company was still
on track to deploy LTE on a limited basis later this year, with plans to roll
out the technology in 25 to 30 markets in 2010. If all goes according to
plan, Verizon will have a significant time-to-market advantage over its
competitors.

But Verizon is not content with merely getting LTE up and running
quickly, as the carrier said last week that it was founding a new “innovation
center” aimed at creating a wide range of devices and services
for mobile broadband. The center, which will be located in Waltham,
Mass., and run in partnership with Ericsson and Alcatel-Lucent, will
essentially serve as a test lab for wireless device and application developers
who want to try out their products on mobile broadband networks.
As currently conceived, it will be focused on three major product
areas: consumer electronics and appliances; machine-to-machine
products that wirelessly deliver information between devices specifically
designed for fields such as healthcare, security and utility monitoring;
and telematics applications, such as the GPS solution used by
UPS to track its vehicle fleet.

Wright said Verizon’s decision to go full-speed ahead with LTE deployment
made it an “anomaly” in the wireless industry as the majority of carriers
have so far seemed content to take their time and milk as much
value as possible out of their 3G networks. Wright predicted that because
most carriers are aiming for LTE deployment a little further down the
line, its success will not be hindered by the current global economic crisis
that is leading to a major drop-off in technology spending.

“The whole issue about LTE is not about today but about two, three,
four years from now,” he said. “We have plenty of time for the global
economy to recover and I don’t see that the current economic environment
has any impact on the decision to deploy LTE at all.”

Cloudy ambitions

Vendor  groups  tackle  lingering  issues  related  to  cloud  computing 

Cloud  Security  Alliance 

Mission:  Promote  use  of  best  security  practices  for  computing  performed  over  the 
cloud,  while  providing  education  on  the  uses  of  cloud  computing. 

Key  members:  eBay,  ING,  Qualys,  PGP,  zScaler 

Open  Cloud  Consortium 

Mission:  Improve  performance  of  storage  and  compute  clouds  spread  across  geograph¬ 
ically  disparate  data  centers  and  promote  open  frameworks  that  let  clouds  operated  by 
different  entities  work  seamlessly  together. 

Key  members:  Cisco,  MIT  Lincoln  Labs,  Yahoo,  various  colleges  including  the  University 
of  Illinois  at  Chicago 

Open  Cloud  Manifesto 

Mission: Define a set of core principles for the cloud computing market, including
promotion of open technologies that prevent vendor lock-in and allow data and applications
to move freely from one vendor-sponsored cloud to another.

Key  members:  IBM,  Sun,  VMware,  AT&T,  Enomaly,  many  others 


Cloud 

continued  from  page  1 

announced the formation of the Cloud
Security Alliance, saying the delivery of on-demand
computing capacity over the Web is
putting new demands on security tools.

“The  very  nature  of  how  businesses  use  infor¬ 
mation  technology  is  being  transformed  by  the 
on-demand  cloud  computing  model,”  says 
Dave  Cullinane,  CISO  at  eBay.  “It  is  imperative 
that  information  security  leaders  are  engaged 
at  this  early  stage  to  help  assure  that  the  rapid 
adoption  of  cloud  computing  builds  in  infor¬ 
mation  security  best  practices  without  imped¬ 
ing  the  business.” 

Separately, a large collection of vendors
threw their support behind the Open Cloud
Manifesto, which challenges the industry to
avoid proprietary technologies that would
limit cloud choices. Besides security, the manifesto
urges vendors to focus on portability and
interoperability of data and applications, governance
and management, and metering and
monitoring.

Customers  need  to  be  skeptical,  particularly 
when  they  are  considering  sending  critical 
data  and  applications  to  cloud  providers,  said 
David  Snead,  an  attorney  who  spoke  about 
legal  issues  related  to  virtualization  and  cloud 
computing  at  Sys-Con’s  Cloud  Computing 
Conference  &  Expo  in  New  York  City  last  week. 
Companies  such  as  Amazon  do  have  down¬ 
time,  and  service-level  agreements  may  not 
guarantee  severe  penalties,  he  said. 

“There’s no such thing as a cloud,” Snead
said. “Your data is going somewhere. It’s going
to some infrastructure provider. ... Something I
don’t think a lot of companies understand
when they’re sending things out to the cloud, is
where it’s going and what companies are going
to stand behind it.”

Critical  applications  such  as  databases,  trans¬ 
action  processing  and  ERP  workloads  proba¬ 
bly  should  not  be  the  first  ones  sent  out  to  the 
cloud,  said  Kristof  Kloeckner,  the  cloud  com¬ 
puting  software  chief  at  IBM.  Kloeckner  recom¬ 
mended  that  enterprises  just  now  looking  at 
the  cloud  choose  a  few  “quick  wins”  that  bene¬ 
fit  many  employees,  but  carefully  analyze 
applications  with  mission-critical  requirements 
before  making  any  decisions.  Beyond  simply 
outsourcing,  the  cloud  could  provide  opportu¬ 
nities  for  enterprises  to  start  using  new  work¬ 
loads,  such  as  high-volume,  low-cost  analytics, 
or  collaborative  business  networks,  he  said. 

Last  week’s  debut  of  the  Open  Cloud  Mani¬ 
festo  was  not  without  controversy  as  Microsoft 
claimed  that  an  open  process  was  not  used  to 
create  the  document,  and  that  it  was  asked  to 
sign  it  without  the  opportunity  to  provide  feed¬ 
back  or  revisions. 

But Microsoft later met with companies such
as Cisco, IBM and Intel and generally agreed on
the importance of cloud computing services
being open and interoperable.

Reuven Cohen, the founder and chief technologist
for cloud computing start-up
Enomaly and one of the people responsible for
bringing the manifesto to the public, is advocating
for the creation of an industry association
focused on marketing a cohesive picture
of what cloud computing is.

While  many  vendors  are  still  defining  cloud 
computing  in  different  ways,  Cohen  argues  that 
“we  can  still  compete,  but  we  don’t  necessarily 
have  to  tell  different  stories  about  what  the 
cloud  is.  There  is  an  opportunity  to  come  to¬ 
gether  and  grow  the  market.” 

How the cloud is defined will be important
to limit confusion in the marketplace. Every
vendor is using the word “cloud” to suit their
own purposes, but the Sys-Con conference
demonstrated that a common definition is
probably not that far away.

As  an  approach  to  building  IT  services,  cloud 
computing  harnesses  several  converging  fac¬ 
tors  in  the  IT  world,  including  the  rapidly 
increasing  horsepower  of  servers  and  virtual¬ 
ization  technologies  that  combine  many 
servers  into  large  computing  pools  and  divide 
single  servers  into  multiple  virtual  machines 
that  can  be  spun  up  and  powered  down  at  will. 

Led by companies such as Amazon, vendors
are building massively scalable server farms to
offer compute power, storage, business software
and application building platforms over
the Internet, using self-service interfaces that let
customers acquire resources at any time they
want and get rid of them the instant they are
no longer needed. Private clouds deployed by
enterprises for their own users are built along
the same principles, but done so completely
within the firewall.

“There is a shift from infrastructure being a
capital expense to a variable cost,” said
Amazon CTO Werner Vogels, during a speech at
Sys-Con.

If you are the founder of a start-up that is
building an application for Facebook, you have
to prepare for the possibility of becoming
immensely popular overnight, Vogels said. But
you might also fail. That’s why you need on-demand
access to the power of 5,000 servers at
any time, without having to spend the money
up front.

Cloud  computing  borrows  concepts  from 
grid  computing,  namely  the  ability  to  harness 
large  collections  of  independent  computing 
resources  to  perform  large  tasks;  and  from  util¬ 
ity  computing,  namely  the  metered  consump¬ 
tion  of  IT  services,  according  to  Kloeckner. 

But perhaps the real impetus for cloud computing
is the failings within the current IT infrastructure,
Kloeckner said. Seven out of 10 IT
dollars are spent on maintaining systems, and
perhaps 85% of capacity in distributed computing
environments sits idle at any given time,
he said. Storage requirements are escalating
too quickly for many data centers to keep up.

The basic message from vendors: Cloud computing,
while still in its infancy, is the solution to
these problems.

Still, there’s more work that needs to be done
to address the concerns customers have when
deciding whether to move key applications
outside of their firewalls. Ideally, an application
built for one cloud service should not be
locked into that service forever. It should move
freely from one to another, or from within an
enterprise’s network to outside the network.

Some vendors are already working on portability.
An application virtualization company
called AppZero recently unveiled technology
that moves server-based applications from
within the enterprise data center to services
such as Amazon’s Elastic Compute Cloud in
seconds. Moving applications from Amazon to
another cloud provider, such as GoGrid, also is
possible with the AppZero tool set. ■
TECH UPDATE

An inside look at technologies and standards


Re-perimeterization 

Regaining  app-centric  visibility  and  control 

BY  CHRIS  KING 

Enterprises need a better way to control software-as-a-service, cloud
computing, Web 2.0 and other applications that are hosted outside
the enterprise because the traditional port-based approach has
ceased to be effective.


Moving beyond port-based traffic classification
isn’t easy, but because the “threat industry”
now has application-level exploits and applications
are at the heart of many data leaks,
enterprises must rise to the challenge. Here are
the key techniques necessary to achieve application
traffic classification, how that classification
can be implemented as a set of useful
controls, and the production requirements for
such an infrastructure component.

Application-centric  traffic  classification  has 
to  deconstruct  traffic  (detect  and  decrypt, 
decode  and  de-tunnel)  to  be  able  to  deduce 
the  application. 

The first step is detecting the application protocol
being used. This is not just capturing TCP
and port and then assuming the application
protocol, but detecting the actual application
protocol in use (for example, HTTP, SMTP).

This  may  require  decryption.  If  it’s  SSL, 
decrypt  it.  Given  that  forward  proxy  decryption 
of  SSL  is  well  understood,  this  isn’t  a  technical 
challenge.  It  is,  however,  a  sensitive  issue,  so 
handle  with  care.  Once  decrypted,  detect  the 
application  protocol  within.  The  process  of 
decryption  and  detection  slightly  narrows  the 
list  of  potential  applications,  but  more  impor¬ 
tantly  enables  application  protocol  decoding. 

The second step is decoding the application
protocol. This enables several different services
(described later), but most important for
understanding the application, you need to
come to grips with the type of tunneling used.

Tunneling, in its broadest definition, can
include three flavors: encryption, protocol-in-protocol
and application-mode switching.
We’ve already discussed the importance of SSL
decryption followed by further detection.
Protocol-in-protocol, however, involves decoding
the application protocol and detecting/decoding
again to “de-tunnel” the application
traffic (which addresses a common practice —
instant messaging or peer-to-peer filesharing
tunneling through HTTP).

Detecting mode-switching is harder still. This
is where one application substantially shifts
functions — such as when IM users initiate a
file transfer, or when WebEx participants initiate
desktop sharing. It is important to understand
that organizations may want to enable
IM for close customer contact, but have a different
perspective on file transfers. The same
could be said for WebEx — enable for salespeople,
but have concerns about desktop sharing
— where critical information could be
inadvertently shared as well.

Deduce  the  application 

Now  that  we’ve  deconstructed  the  applica¬ 
tion  traffic  —  that  is,  done  the  decryption, 
detection,  decoding  and  de-tunneling  —  we 
must  deduce  the  specific  application  by  pat¬ 
tern  matching  and  behavioral  analysis. 

For  the  majority  of  applications  we  can  use  a 
signature,  examining  the  unique  attributes  of 
the  deconstructed  application  and  matching  it 
to  a  known  application  pattern.  Every  applica¬ 
tion  has  unique  properties;  99.9%  of  applica¬ 
tions,  if  properly  deconstructed,  can  be  identi¬ 
fied  with  a  signature. 

The  signature  has  to  be  detailed  enough  to 
distinguish  between  the  different  modes  of  the 
application  (as  described  in  the  decoding 
step).  For  those  few  applications  that  resist 
deconstruction,  use  proprietary  encryption,  or 
are  in  some  other  way  signature-resistant,  one 
can  use  a  heuristic  analysis  and  match  that 
against  known  application  behavior. 

The  result  is  visibility  of  specific  applications, 
which  is  extremely  valuable  for  organizations 
when  it  comes  to  understanding  their  environ¬ 
ment,  their  users  and  the  level  of  risk  being 
maintained.  Obviously,  however,  now  that  we 
can  see  the  actual  application  there  is  a  lot 
more  we  can  do. 
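
The pipeline described above (detect, decode, de-tunnel, then deduce by signature), as an added Python sketch that is not from the article or any vendor product. The "XIM" chat protocol, the example.test hosts, the signatures and the policy table are constructed for illustration, and decryption is only flagged, not performed.

```python
import re

# Everything below is constructed for illustration: the "XIM" chat protocol,
# the example.test hosts, the signatures and the policy table are hypothetical.
PORT_GUESS = {25: "smtp", 80: "http", 443: "tls"}   # the port-based view
HTTP_REQ = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")
SMTP_CMD = re.compile(rb"^(EHLO|HELO) \S+\r\n", re.I)

# Signatures run over the de-tunnelled inner payload and name the mode too.
INNER_SIGNATURES = [
    (re.compile(rb"^XIM/1 MSG "), ("example-im", "chat")),
    (re.compile(rb"^XIM/1 FILE "), ("example-im", "file-transfer")),
]
POLICY = {("example-im", "chat"): "allow",
          ("example-im", "file-transfer"): "block"}


def detect_protocol(payload: bytes) -> str:
    """Detect: identify the application protocol from the bytes, not the port."""
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"            # SSL/TLS handshake record; needs decryption first
    if HTTP_REQ.match(payload):
        return "http"
    if SMTP_CMD.match(payload):
        return "smtp"
    return "unknown"


def decode_http(payload: bytes) -> dict:
    """Decode: split an HTTP/1.x request into request line, headers and body."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return {"method": method.decode("ascii"), "target": target.decode("latin-1"),
            "headers": headers, "body": body}


def classify(dst_port: int, payload: bytes) -> dict:
    """Deconstruct one flow's first payload, then deduce application and mode."""
    result = {"port_guess": PORT_GUESS.get(dst_port, "unknown"),
              "protocol": detect_protocol(payload),
              "application": "unknown", "mode": None}
    if result["protocol"] == "tls":
        # A real device would decrypt here and run classify() on the cleartext.
        result["application"] = "encrypted"
    elif result["protocol"] == "smtp":
        result["application"] = "smtp-mail"
    elif result["protocol"] == "http":
        request = decode_http(payload)
        result["application"] = "web-browsing"
        # De-tunnel: look for another protocol carried inside the HTTP body.
        for pattern, (app, mode) in INNER_SIGNATURES:
            if pattern.match(request["body"]):
                result["application"], result["mode"] = app, mode
                break
    return result


def decide(result: dict) -> str:
    """Control: policy keyed on (application, mode); anything else is logged."""
    return POLICY.get((result["application"], result["mode"]), "log")


# Constructed sample flows: (destination port, first client payload).
SAMPLES = {
    "im_chat": (80, b"POST /gateway HTTP/1.1\r\nHost: im.example.test\r\n\r\n"
                    b"XIM/1 MSG alice hello\n"),
    "im_file": (80, b"POST /gateway HTTP/1.1\r\nHost: im.example.test\r\n\r\n"
                    b"XIM/1 FILE alice report.xls 48213\n"),
    "smtp_on_80": (80, b"EHLO mail.example.test\r\n"),
    "http_on_8443": (8443, b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
    "tls_on_443": (443, bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01]) + b"\x00" * 10),
}

if __name__ == "__main__":
    for name, (port, payload) in SAMPLES.items():
        r = classify(port, payload)
        print(f"{name:14} port says {r['port_guess']:8} actual {r['protocol']:5} "
              f"app {r['application']}/{r['mode']} -> {decide(r)}")
```

The two IM samples use the same port, host and HTTP method; only the de-tunnelled body separates the chat mode that policy allows from the file transfer it blocks.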

Take  control  of  your  network 

Now  that  we  have  established  deconstruc¬ 
tion  and  deduction  as  the  correct  way  to 
understand  applications  (as  opposed  to  the 
wholly  ineffective  approach  used  traditional¬ 
ly),  it  raises  the  question  of  where  in  the  infra¬ 
structure  to  perform  this  task.  As  noted,  ports 
are  meaningless,  so  whatever  is  determining 
the  application  must  “see”  all  of  the  network 
traffic  in  question.  Typically  this  means  all  of 
the  traffic  crossing  a  relevant  trust  boundary 
(inside  vs.  outside,  across  segments),  not  just 
certain  ports  or  protocols. 

But most organizations want to go beyond
“understanding” and start enforcing policies
about what sorts of applications should be
used. This is not to say that IT security groups
should get draconian about application use —
many applications are used for business purposes,
and many are used for personal reasons
— with the blessing of the enterprise. But organizations
should be able to block undesirable
applications and safely enable desirable applications
(allow, don’t impede and scan to prevent
undesirable content).

Not  another  appliance 

Today, firewalls see all traffic crossing the trust
boundary and are in a unique position to
enforce policy. The thing that most traditional
network firewalls are missing is any sort of relevant
traffic classification mechanism (deconstruction
and deduction).

The typical response from security vendors is
to sell enterprises yet another security appliance
that sits next to the firewall. This approach
has resulted in lots of complexity and additional
cost. It has, for many organizations, also
proved unsustainable in a cost-constrained yet
increasingly regulated environment.

The  reality  is  that  this  level  of  classification 
and  control  needs  to  be  done  by  a  device  that 
is  capable  of  both  seeing  all  of  the  traffic  cross¬ 
ing  the  trust  boundary  and  capable  of  exerting 
control  over  that  traffic  —  which,  in  most  orga¬ 
nizations,  is  the  firewall. 

This  will  require  some  reengineering  of  the 
traditional  network  firewall  —  all  of  the  tech¬ 
niques  described  above  will  heavily  tax  exist¬ 
ing  firewall  software  and  hardware.  Simply  bolt¬ 
ing  this  functionality  on  will  result  in  poor  per¬ 
formance.  Some  of  this  can  be  addressed  by 
specialized  hardware,  but  the  classification 
engine  on  the  firewall  must  get  fundamentally 
more  sophisticated. 

Once  you  understand  and  control  the  appli¬ 
cation,  there  are  other  benefits.  Part  2  of  this 
Technology  Update  will  discuss  taking  appli¬ 
cation  visibility  and  control  to  the  next  level  by 
incorporating  users  and  content.  By  focusing 
on  applications,  users  and  content,  network 
and  security  pros  can  focus  on  enabling  the 
business  instead  of  trying  to  make  the  business 
understand  obscure  technical  details. 

King is director of product marketing for Palo
Alto Networks. He can be reached at
cking@paloaltonetworks.com.


This  vendor-written  tech  primer  has  been 
edited  by  Network  World  to  eliminate  prod¬ 
uct  promotion,  but  readers  should  note  it 
will  likely  favor  the  submitter's  approach. 
Analyzing Twitter with Excel, Part 1

GEARHEAD

Mark  Gibbs 


Excel is one of those programs with so much
depth that there are whole areas many of us
will never get to grips with. One such area is
Excel’s support for XML through the program’s
XML maps feature. XML maps are a powerful tool
if you can figure out how they work, so this week
we’re going to do exactly that. Or at least, something
like that.

Let’s  create  a  problem:  You’ve  been  asked  by 
the  CEO  (which  means  you’ve  been  commanded)  to  find  out  whether 
people  are  talking  about  the  company’s  new  product  on  Twitter.  The 
CEO  wants  to  see  daily  “visibility”  reports  because  he’s  hoping  he’ll  get 
a  sense  of  how  effective  the  PR  campaigns  are. 

So, first of all let’s check out the Twitter API documentation. Twitter offers
a whole galaxy of API functionality but the interface that allows us to grab
the public timeline only samples the last 20 Tweets (Twitter messages),
which is hardly a representative sample. In fact, to get direct access to the
complete public timeline we’d have to make special arrangements with
Twitter management, so let’s look for a different strategy.

Twitter actually provides an API that can simplify our problem: The
Twitter Search API lets you create a search and generate an RSS feed for
a specific search.

So,  let’s  say  that  we’re  the  WowWee  Group  and  we’re  tracking  on  Twitter 
mentions  of  the  Rovio,  the  company’s  Wi-Fi  controlled  robot  camera. 

<digression> I must briefly applaud WowWee for the Rovio. This is an
amazing toy, er, robotics experimentation platform with a full and rich
API and a ton of slick technology. You might ‘need’ one in your office. The
Rovio gets a 5 out of 5! </digression>

If we go to the Twitter Search service we can try a search for “rovio” and,
using the advanced search, ask for the date range from Feb. 1 to March
24 (the logic for this is that I’m writing this on March 24).

The result of this search
(http://search.twitter.com/search.atom?q=+rovio+since%3A2009-02-01+until%3A2009-03-24)
will be, by default, a
list of the last 15 items. If you change this in the advanced search dialog
to, say, the maximum of 50 (which is odd as the documentation says that
the maximum is actually 100) the new default will be defined by a cookie
setting and this leads to a problem.

While  the  resultant  RSS  feed  will  list  the  correct  number  of  items  when 
we  access  it  from  our  browser  (the  cookie  will  be  returned  defining  the 
number  of  items),  we  need  a  real  search  URL  that  can  run  from  any 
process  without  needing  the  cookie  data.  This  requires  we  modify  the 
search  URL  from: 

http://search.twitter.com/search.atom?q=+rovio+since%3A2009-02-01+until%3A2009-03-24

to:

http://search.twitter.com/search.atom?q=rovio&since%3A2009-02-01&until%3A2009-03-24&rpp=50&page=1

I replaced all of the “+” signs separating the arguments (which do not
conform to URL encoding standards) with ampersands (“&” - the more
usual argument separator for HTTP requests), added the results per page
(rpp), and added a page argument of 1.

Before  you  ask,  no,  I  have  no  idea  why  I  couldn’t  have  appended 
“+rpp=50”  in  the  Twitter  search  URL,  but  there  we  have  it  —  the  wonders 
of  Twitter’s  documentation  (or  rather  lack  of  it)  and  the  search  interface. 

Anyway, now we have a way of requesting an Atom formatted RSS
feed and we’re ready to access and analyze the data using Excel ...
which we’ll start on next week.

Gibbs excels in Ventura, Calif. Tell him how you exceed at
gearhead@gibbs.com.

The scoop: FreeAgent Theater HD media
player, by Seagate, about $230 (version tested
included 250GB hard drive).

What  it  is:  Seagate  is  best  known  for  its  hard 
drive  technology  and  it  moves  into  the  enter¬ 
tainment  space  with  this  device,  which  acts  as  a 
liaison  between  its  FreeAgent  Go  portable  hard 
drive  devices  and  a  video  display  such  as  a  TV  or 
projector. 

The device includes a docking slot that lets you attach the
FreeAgent drive, and multiple video outputs are supported,
including composite and component ports (the device
comes with composite cables; if you want high-definition
viewing you have to go buy your own cable).

After  transferring  media  from  a  PC  (photos,  video 
files  and  music)  to  the  FreeAgent  device,  you  can 
view  the  content  on  the  TV  once  the  drive  is  con¬ 
nected  to  the  FreeAgent  Theater  unit. 

A  USB  slot  is  included  to  let  you  connect  other 
devices  to  the  unit,  such  as  a  USB  flash  drive,  digi¬ 
tal  camera  (with  USB  storage  support)  or  other 
USB-connected  external  hard  drives.  The  unit 
comes  with  a  remote  control  for  playback  of  your 
music,  photos  or  videos. 

Why  it’s  cool:  The  main  pitch  from  Seagate  is  to 
provide  users  with  a  way  to  view  their  photos,  listen  to  their  music  or 
watch  videos  on  a  larger  display  without  having  everyone  crowd  around 
a  computer  screen.  It’s  also  a  way  for  Seagate  to  tell  its  customers:  Enjoy 
your  content,  don’t  just  store  it. 

I’ve seen several devices like this over the years, and enjoyment of it
depends on how often you want to view photos, listen to music or watch
slideshows (photos combined with music) on your TV. Another good
use for this is for parents — they can buy a FreeAgent Theater system for
grandma, then keep sending hard drives packed with photos and videos,
avoiding online photo sharing and other methods.

An undocumented way of using the FreeAgent Theater gave a higher score.

Some caveats: The remote control is just awful. The buttons are too
small and bunched too close together, which caused many re-attempts
with the navigation through the system’s menus. The buttons were also
over-sensitive, causing more re-attempts. Video file support was spotty —
the system couldn’t play my .MOV (QuickTime) and MPEG-4 home
videos. The system supports MPEG-4, but only AVI, DivX or Xvid versions.
Many users may be disappointed that they won’t be
able to view their home videos with this system.

The “dirty little secret”: While this isn’t in any
of the official Seagate marketing material, I
have a suspicion that the system is designed
for users who want to watch DVD movies that
they’ve transferred to the hard drive instead of
home videos. For example, the Theater unit
includes Dolby Digital 5.1 audio and high-definition
video (up to 1080i) support. The remote control
includes buttons such as Angle, Subtitle, Movie and Audio,
something you’d normally see on a DVD remote. While you
can certainly create DVDs with these options for your home
movies — we all know these options are for watching commercial
DVDs. When used in this manner, the FreeAgent Theater got a whole
lot better, and I appreciated the high-definition video and Dolby
Digital audio support.

Bottom  line:  It’s  up  to  the  user  to  decide  whether  to  go  into  the  gray 
area  of  putting  DVD  movies  onto  a  hard  drive  —  but  if  they  do,  the 
FreeAgent  Theater  certainly  will  provide  a  good  viewing  experience. 

Grade:  ★★  (“angel”  usage);  ★★★★  (“li’l  devil”  usage)  out  of  5. 

Shaw  can  be  reached  at  kshaw@nww.com. 
The number of college students pursuing
computer science degrees at U.S. universities
rose in 2008 for the first time in
six years, according to a recently
released study. Academia and policymakers are hailing
the news, but the question facing CIOs and others in
charge of IT hiring is: How much do computer science
degrees matter?

Do  companies  need  employees  with  the  deep  technical 
skills  developed  through  computer  science  and  software 
engineering  degrees,  or  are  they  better  off  hiring  tech-smart 
business  majors? 

Not  surprisingly,  computer  science  educators,  software 
companies  and  hardware  manufacturers  are  adamant 
about  the  need  for  computer  science  majors  to  drive  inno¬ 
vation  at  U.S.  tech  companies.  The  dearth  of  U.S.  computer 
science  graduates  is  forcing  companies  to  look  offshore  for 
qualified  people,  they  argue. 

“Not having enough computer science majors has serious
repercussions for our competitiveness,” says professor
Cary Laxer, head of computer science and software engineering
at Rose-Hulman Institute of Technology. “There are
a large number of Chinese students and Indian students
who are very, very interested in doing this work. We’re going
to lose our competitive edge as a country if we don't turn
out more software engineers.”

But CIOs and IT staffing firms say the skills they need most
are collaboration, problem solving and communications -
all of which can be developed by any motivated college
student. After all, today's tech-savvy Millennials have
wireless and social media technologies integrated
into their lifestyles and grasp how to
exploit them far better than their 40-something
bosses.

“Computer science degrees mattered a
lot 20 or 15 years ago, when IT was a cost
center. But the job of being in IT has completely changed.
The huge IT budgets are not even under CIOs; they’re
under the lines of business,” says David Foote, CEO of
Foote Partners, which conducts a quarterly survey of IT
skills and pay. “This has brought in a whole new group of
IT skills that come out of mathematics, economics, business
and marketing.”

Computer Science enrollments are increasing

On March 17, The Computing Research Association
issued its annual report on the number of college students
pursuing computer science bachelor’s degrees at U.S. universities.
The numbers have shown a sharp decline throughout
the decade.

In the fall of 2000, there were around 16,000 newly
declared computer science majors. That figure dropped by
half after the dot-com bust, bottoming out at 8,000 for the
last two years. But in 2008, there was an 8.1% increase.

Having  enough  computer  science  and  software  engi¬ 
neering  majors  is  critical  for  U.S.  tech  companies,  which  say 
they  need  to  hire  undergraduates  with  deep  technical  skills 
and  practical  programming  experience. 

“For our software engineering roles, we tend to look for
people with a strong computer science background who
have experience with programming,” says Yvonne Agyei,
director of Talent and Outreach Programs in Google’s
People Operations Department. “We need core programming
skills, algorithm skills and quantitative analysis.
We’re looking for people who have majored in computer
science or engineering or sometimes math
or physics.”

Agyei says Google hires computer-savvy
business majors for other departments, but
not software engineering.

“In addition to software engineering
roles, we have roles within business, within
legal, within finance where having a facility for technology
and a passion for technology are important,” Agyei
says. “It helps if they have familiarity with our products.
Having that knowledge is really important regardless of
what aspect of the business you go into.”

Total enrollments per computer science department
increased 6.2% in 2008. For the first time in six years, the number of
computer science majors increased.

SOURCE: COMPUTING RESEARCH ASSOCIATION

Even with this year's rise in computer science majors, U.S. tech companies say there are still not enough computer scientists and engineers to fill all of their open jobs. That's why tech companies and CIOs often hire computer-savvy business majors instead.

IBM  pushes  computer  training  to  business  majors 

In 2004, IBM responded to the drop in computer science degrees by creating the IBM Academic Initiative, which provides free software, training and tools to college professors across disciplines rather than computer science departments. IBM is working with more than 9,000 college faculty worldwide and around 900,000 students.

“As companies have a greater and greater need for computers, communications and software, there’s been a decline in students going into IT. ... The consequence is the supply and demand are not in balance,” says Kevin Faughnan, director of IBM's Academic Initiative.

IBM’s goal with the Academic Initiative is to encourage college students to become more familiar with IT and how to apply it across industries. With this initiative, IBM is focusing on strengthening the technical underpinning of business majors rather than encouraging more computer science majors.

“The business students don’t have the computer science skills - intro to data management or Web 2.0 - because it's not part of their major,” Faughnan says. “We try to encourage faculty to be more interdisciplinary.”

As part of its initiative, IBM has provided 100-plus universities with Innov8, a simulation game that teaches business process modeling.

“It’s incumbent on business schools to integrate technology into the curriculum,” Faughnan says. “I think of technology not so much as computer science majors, but as a horizontal skill that can be applied across disciplines. For example, you can’t do marketing these days without data mining.”

CIOs  say  they  are  hiring  more  business  majors  with  IT  experience 
than  computer  science  majors. 

Henry Eckstein, senior vice president of strategy technology at York Insurance Services Group, says only 10% of the members of his 50-person IT shop have computer science or software engineering degrees. Most of those employees are from Russia.

Eckstein  says  that  when  he  is  making  a  hiring  decision,  he  weighs 
experience  first,  IT  certifications  second  and  college  degrees  third. 

“If I look at a candidate, and I see that they have a computer science major, that is going to influence my decision if I'm looking for a newer, low-end candidate. ... At least I’ll know they have had good training and discipline,” Eckstein says. “But it’s not going to be a show-stopper for me if someone doesn’t have a computer science degree. Particularly if I’m looking for developers, I’m looking at what skill sets they have, how many years of experience and their knowledge of the subject matter.”

When CIOs are surveyed about the top skills they are looking for in entry- and mid-level employees, they cite few technical skills. Instead, their top concerns are ethics, critical thinking, collaboration, problem-solving and communication skills, according to the 2008 CIO survey compiled by the Society for Information Management. The technical skills that are in demand - programming, database and system analysis - are ranked 10 or lower on CIOs’ priority list.

“You don’t have to have a computer science degree to get an entry-level job in IT,” says professor Jerry Luftman, executive director of the School of Technology Management at Stevens Institute of Technology. Luftman compiles SIM’s annual CIO survey. “When CIOs are asked what skills they are looking for in entry-level and mid-level people, it’s clear that ... technical skills aren’t that critical,” he says.

Luftman  says  computer  science  majors  and  engineers  make  for  “very 
very  good  IT  professionals”  because  of  their  critical  thinking  skills  and 
logical  analysis.  But  he  says  business  and  information  systems  majors 
can  be  valuable  employees,  too,  because  they  balance  technical  skills 
with  business,  collaboration  and  communications  skills. 

“During this downturn, IT is being asked to work with its business partners to identify opportunities to leverage IT to improve processes and to improve productivity,” Luftman says. “My advice to Generation X and Generation Y ... is to make sure you have a good balance of technical and business skills.”

Ideal  candidates  are  well-rounded 

Stephen  Pickett,  a  past  president  of  SIM  and  an  auto  industry  CIO,  says 
a  lack  of  computer  science  majors  is  a  problem  for  CIOs.  That’s  why 
SIM's  local  chapters  have  been  working  with  business  schools  to 
improve  their  technical  offerings  and  with  computer  science  schools  to 
improve  their  business  courses. 

“We don’t necessarily need a computer science graduate. A business graduate with a strong computer science curriculum can work out in a lot of cases,” Pickett says. “In computer science schools, we try to add business curriculum so we can get a more well-rounded student coming out.”

Pickett  says  MIS  degrees  are  a  good  match  of  IT  and  business  skills.  It’s 
not  enough,  he  adds,  to  be  a  computer  hobbyist. 

“The things we need are project management experience and business process evaluation. You don’t get those from knowing the applications on your desktop,” Pickett adds. “College grads who can look at a business process and find out how to improve it - those people are going to be popular.”

Striking  the  right  balance  between  technical  skills  and  business 
knowledge  will  be  more  critical  given  the  global  economic  meltdown, 
Pickett  says. 

“In a downturn, it’s even more important to get people who can solve business problems because the business problems are much more difficult to solve,” Pickett says. “You have to solve the problem without significant business resources. You have to have technical knowledge, business knowledge and lots of imagination.”

Foote  says  he  would  counsel  a  high  school  student  to  think  carefully 
about  where  in  the  business  they  would  like  to  work. 

“The question is: Do you want to be a techie, propeller head guy and work in the bowels of an organization and work on ... all the infrastructure jobs, or do you want to be out in front working on applications?” Foote says. “If you want to be more out in front, you might want to work in HR or finance or whatever area of the business interests you most. You also want to look at the industry - casinos, insurance, whatever, and figure out what products and services you are interested in.”

Foote recommends students majoring in math or business pursue a minor in computer science. “That gives you a much more forward-looking view of IT, and it gives you more options,” he says.

Computer  science  departments  adapt  to  new  realities 

Computer  science  educators  claim  the  propeller-head  image  is  an 
old-fashioned  way  of  viewing  their  programs. 

“There’s a perception propagated by the media that being a computer science major means you work in the bowels of the organization, coding in front of a terminal 24 by 7, eating potato chips and drinking Mountain Dew,” says professor Lenny Pitt, director of undergraduate programs in the Department of Computer Science at the University of Illinois at Urbana-Champaign. “This is far from the truth. Our graduates are working as a bridge between management and technical people. They are doing technical writing, software testing and usability.”

In light of declining enrollments this decade, top computer science schools such as the University of Illinois have retooled their curriculums to embrace soft skills such as collaboration and communication. These departments are focused on graduating well-rounded students who can explain complex technical issues in laymen’s terms.

“The decline in enrollments over the last six years has forced professors to think about what we are teaching computer science students and to make sure we are giving them the skills they need to be successful, like collaborative learning and working as part of a team," says Peter Harsha, director of government affairs with CRA.

Carnegie Mellon University emphasizes teamwork and collaboration in its computer science program, which requires technical communications courses. Students also are required to take courses in the humanities and to pursue a minor in a non-computing field such as a foreign language.

“Twenty years ago, the kids we would get into our program would be very very nerdy and we added requirements into our program to force them to be broader,” says professor Peter Lee, head of the Computer Science Department at Carnegie Mellon University. “Today, we have the opposite problem because people have the tendency to be dabblers. We want them to be deep and broad.”

Carnegie Mellon's strategy seems to be working. Last year, 70% of Carnegie Mellon's computer science graduates went to work for industry including IT vendors such as Microsoft and Google and IT users such as Bloomberg and Goldman Sachs. The other 30% went to graduate school.

“Where we see the demand and the high salaries are for the people with deep technical software skills,” Lee says. “These students aren’t just computer savvy and able to manage an IT operation. They actually understand software issues and can engineer software. Those are the people the recruiters want.”

Lee predicts that computer science majors will remain in demand because industry is becoming more dependent on data-intensive computing and data mining.

“Companies face a broad range of issues from managing large amounts of data and being able to process it and extract knowledge from that data,” Lee says. Companies such as Walmart and Google are looking for us “to produce graduates with the understanding and skill to cope with the new world of data-intensive computing.”

Rose-Hulman also requires its computer science and software engineering students to take humanities courses including technical communications and to give frequent oral presentations. Laxer says Rose-Hulman has put more emphasis on humanities courses over the last four or five years, as enrollment in computer science and software engineering declined around 15%.

“As I’ve talked to recruiters on campus, they tell me that they don’t question the technical ability of our students. They know they are technically competent. It’s the other issues - leadership of student organizations, communication skills - that come out during interviews,” Laxer says.

Enrollment in Rose-Hulman’s computer science and software engineering program is up this year, with 50 freshmen - the largest group in four years. “I’m hoping that it’s a turnaround, but one year does not a trend make,” Laxer says.

He  argues  that  computer  science  majors  have  much  to  offer  CIO 
shops  as  well  as  IT  vendors. 

“If  you’re  a  business  major,  you’re  learning  how  to  use  tools  like  word 
processing  and  spreadsheets  but  you’re  not  writing  those  tools. 
Companies  need  people  who  can  write  IT  tools  or  take  existing  tools 
and  modify  them,  and  those  are  the  kinds  of  things  computer  science 
and  software  engineering  majors  can  tackle,"  Laxer  says. 

Cutting-edge companies need computer science majors, according to professor Michael Heath, the interim head of the Department of Computer Science at the University of Illinois at Urbana-Champaign. Heath says enrollment in this program has risen 15% in each of the last two years.

“There’s no substitute for the in-depth technical education that our computer science majors get,” Heath says. “They learn problem solving. They learn technology. We emphasize a foundational kind of education that prepares them to change with technology.”

In recent years, the University of Illinois has added industrial-sponsored senior projects, teamwork, communications and ethics courses to its computer science curriculum. But professors say that college recruiters are attracted by the technical skills that graduates have.

“I would agree that communications, interpersonal skills and those sorts of things are extremely crucial to career success. And you can develop those in any major,” Heath says. “But tech companies aren’t hiring English majors and history majors. They’re hiring technically trained, problem-solving computer science majors. So you have to take some of that [demand for soft skills] with a grain of salt.”

Recipe for success

Ultimately, CIOs need both strong technical skills and business-oriented workers who are computer savvy to run their IT shops. And regardless of major, they need employees who are well rounded.

“We are looking for the deep technical skills, but at the same time we value diversity - diversity of background, diversity of experience, people who speak different languages,” Google’s Agyei says. “We’re looking for people who can communicate. A lot of our work is done in small teams, so we’re looking for people who can work with others, who’ve done joint projects with others or participated in programming competitions that are team-based. The other thing we look for is people who have other passions, who aren’t just programmers, who are interested in music or athletics or are engaged in their communities.”

A Microsoft spokesperson agreed that the company is looking for a broad set of skills in its hires.

“The common threads that attract us to candidates are a passion for technology; desire to make an impact by innovating on cutting-edge technology; commitment to challenging and rewarding work; dedication to growing skills with an industry leader; ability to collaborate across teams to solve hard problems, and interest in working side-by-side with an amazing breadth of the best and the brightest in the industry,” the spokesperson said in a statement.


Jobs are still available if you have expertise and certifications in these areas.

[...] steady. Most CIOs are maintaining their current staffing levels, while a few are hiring specialists with particular IT skills. Here’s our list of 10 tech skills that are still in demand:

1. BUSINESS PROCESS MODELING

Business process management, methodology and modeling is one of the few IT niches that saw pay gains in the fourth quarter of 2008, according to the quarterly IT salary survey compiled by Foote Partners. In particular, companies were willing to pay for workers with ITIL IT best practices and CobiT IT governance experience. Pay for these skills was up 10.3% from a year ago and 5.6% from the previous quarter, the Foote report says.

Kevin Faughnan, director of IBM's Academic Initiative, says business process modeling is one of the key skills that business majors should be studying. “It's about how does our business work, what are the business processes and how do we analyze them," Faughnan says.

2. DATABASE

Database expertise is another area where pay is on the rise, up 2.9% in the last quarter, the Foote report says. Companies are looking for IT workers with experience in Microsoft SQL Server and the Oracle Developer Suite. They're also willing to pay for workers with database certifications such as the Oracle DBA Administrator Certified Master, the Teradata Certified Master, Certified Application Developer and Certified Design Architect, the Foote report says.

Similarly, a 2008 CIO survey conducted by the Society for Information Management listed database skills as among the top skills for entry-level employees. Experience with databases was one of only four technical skills listed by CIOs, who favored collaboration, problem solving and communication in hiring recent college graduates.

3. MESSAGING/COMMUNICATIONS

Messaging and communications is the only other skill set that experienced a pay increase in the fourth quarter of 2008, the Foote report says. Companies are particularly interested in hiring employees with experience in unified communications and messaging systems, which was among the highest paying IT skills in the Foote report. VoIP and IP telephony also ranked among the highest paying skills.

4. IT ARCHITECTURE

CIOs are paying less for IT certifications than they did three years ago, but there are a few exceptions to this rule. One of them is IT architecture, which has seen a 10% rise in the value of certifications during the past year, the Foote report says.

Foote says companies are looking to hire enterprise architects as well as system, network, application, data, information and security architects. Among the certifications rising in value are EMC Proven Professional Technology Architect, Security Certified Network Architects, Microsoft Certified Architects, SNIA Certified Architects and the Open Group's IT Certified Architect.

5. IT SECURITY

A slew of security certifications - including the CompTIA Security+, GIAC Security Essentials, Certified Ethical Hacker, GIAC Certified Incident Handler and Check Point Certified Security Administrator - have increased in value in the past three months, according to the Foote report.

“The value of security skills is going up, and jobs are pretty stable," Foote says, adding that many federal jobs are available for information security specialists with government security clearances.

Demand for security specialists is likely to remain strong because few teens are entering the field. Professor Peter Lee, head of the Computer Science Department at Carnegie Mellon University, sees a shortage in students studying security-related topics,

6. PROJECT MANAGEMENT

The Project Management Professional certification remains in demand, the Foote report says. Even more important is experience managing complex IT projects and delivering results on time and on or under budget.

SIM's 2008 CIO survey listed project leadership as one of the top 10 skills needed for mid-level employees.

“Project management skills are going to be more important over the next few years," says Henry Eckstein, senior vice president of strategic technology at York Insurance Services Group. Eckstein oversees a 50-person IT shop. “We have set up a corporate project management office. We are working on changing the corporate culture to do more project management and more IT governance," he says.

7. DATA MINING

Jobs are plentiful for workers who understand data mining, as well as information on demand, content management and unstructured information management.

“The world revolves around data. Anything you can do to develop data analysis, data mining and information on demand skills is incredibly critical," IBM’s Faughnan says.

“There's a broad range of issues involved with managing very large amounts of data and being able to process it and extract knowledge from that data," CMU’s Lee says. “One of the things we are starting to see from leading-edge places like Google is the need for graduates with the understanding and skill to cope in the new world of data-intensive computing."

8. WEB DEVELOPMENT

Demand for employees with Web development certifications has plummeted in the past year, with the value for certifications in this area dropping 21.8% according to the Foote report. However, experts say there is still a need for developers who understand the latest Web trends, especially social media.

“You've got to learn to manipulate data on the Web, and that includes Web 2.0. Mash-ups are becoming commonplace," IBM’s Faughnan says.

SIM's CIO survey listed programming and application development skills as key for entry-level employees, too. It was the highest ranked of the technical skills listed by CIOs.

9. IT OPTIMIZATION

IT experts predict a solid future for IT professionals with experience in IT optimization, including virtualization and cloud computing.

"Through software-as-a-service, through cloud computing, CIOs may be doing less IT in-house, but somebody is still going to be doing that. There will be a demand for more computer scientists in data centers," says Josh James, director of research and industry analysis for TechAmerica.

10.  NETWORKING 

Although  pay  for  networking  certifications  is  down  over  the  last  six 
months,  many  remain  on  the  list  of  the  IT  certifications  earning  the 
highest  pay  premiums,  according  to  the  Foote  report.  These  include 
certifications  from  Cisco,  the  Storage  Networking  Industry  Association, 
EMC, Brocade and Avaya.

A deep dive into the hidden features and impending benefits of IE8, Firefox, Chrome, Opera and Safari


BY  THOMAS  A.  POWELL,  NETWORK  WORLD  LAB  ALLIANCE 

The browser market is heating up, with the major players poised to release new versions this spring, and Google having entered the mix with its newly released Chrome browser. We analyzed beta code for Internet Explorer 8.0, Firefox 3.1, Opera 10, Safari 4, and looked at Google Chrome, and found many obvious changes — improved tabbing systems, better performance, privacy helpers, integration with Web applications, polished interface and much more.

But there are underlying changes in the areas of security, networking and development that need to be understood by IT professionals who support users on their networks or run sites that must accommodate users wielding these browsers.


Part  I:  Security 


The dramatic rise of phishing, malware and cross-site scripting (XSS) attacks has forced browser vendors to revisit security in their offerings. The most recent generations of browsers contain a number of subtle changes to improve browser security. IE8 in particular includes several important changes, but developers and administrators have to know they exist before they can take advantage of them.

1. IE8 takes on cross-site scripting

Internet Explorer 8 tries to help stem the rising tide of XSS attacks by addressing what is dubbed a Type 1 or non-persistent XSS attack. To that end, Microsoft has added a filter to IE8 that inspects URLs for common patterns such as “<script>” and then knocks them down, often by simply substituting a character. If such values legitimately belong in a URL, the feature can be disabled by returning the HTTP header X-XSS-Protection with a value of 0, at either the server or application level.

IE8 also includes small developer-focused XSS preventive measures, among them the new JavaScript toStaticHTML() method, which can be used to purify received content that may include malicious script code. Making sure that site developers sanitize received content is a best practice that should be encouraged.

If a Web site links to another site’s JavaScript or consumes received HTML or JavaScript payloads with little inspection, administrators and developers alike must realize that they are only as safe as what is linked to. Given the dynamic nature of JavaScript, there is little end to the kind of mischief that can be achieved. Indeed, the dark side of Web 2.0 is a naive blind trust of users and Web services on public-facing sites, so while these browser changes may help address XSS in some ways, ultimately they cannot solve the underlying problem of not acknowledging the security relationship in the first place.

2. Combating clickjacking

To combat clickjacking — the process of getting users to think they are clicking on one thing when they are really clicking on another object hidden in an inline frame — IE8 now supports a new HTTP header, X-FRAME-OPTIONS, which tells the browser how the current URL may be framed. For example, a value of DENY for this header prevents content from being included in a frame, while a value of SAMEORIGIN enforces a rule that the URL of any framed content must share the same domain as the hosting page.

Setting the X-FRAME-OPTIONS header globally at the Web server level would reduce the likelihood of clickjacking efforts being successful. But that solution assumes the protected user is working in an upgraded IE8 browser, as the feature is currently unique to it.

Another way to help with clickjacking would be to put a frame-busting JavaScript in place within pages that might be clickjacking targets. While this may assist in mitigating the technique in some situations, it won't cover all. It should be noted that JavaScript-based fixes can be overridden by a sophisticated attacker. The advantage of this lesser scheme, though, is that it doesn't require IE8 as the browser.

Getting  the  user  to  install  a  special  (read,  little-known)  plug-in  such  as 
Noscript  for  Firefox  results  in  the  best  clickjacking  protection, but  such  a 
solution  is  unlikely  to  be  used  broadly  and  will  have  potential  conse¬ 
quences  in  limiting  JavaScript  use  even  when  it  is  employed  properly 
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A  prime  example  is  the 
MIME-sniffing  process,  in 
which  Internet  Explorer  looks 
inside  received  responses  and 
attempts  to  address  the  con¬ 
tent  appropriately  with 
regards  to  what  it  sees  in  the 
body  of  the  response,  rather 
than  how  it  is  actually  labeled 
in  the  content-type  header. 

The  problem  is  that  while 
this  process  may  let  develop- 


http://ajaxref.com/chi/plaintort-ieB.php  -  Internet  Explorer  provided  by  Dell 


<html> 

<headxtitle>This  is  che  Title  Tag</titlexY., 
<body> 

<hl>Here  is  an  hi  tag.  Next  we  have  a  HR</h 

<hr  /> 

<strong>Do  you  see  my  tags  or  ay  rendered  te^ 

</body> 

</html> 


HTTP/1.1  200  or 
Data:  Sun,  22  Feb  2009  22:31:2 
Server:  Apaehe/2 .2 . 0 
Cache-Control:  no-cache 
Pra< 


£x-Conte 


[-Con tent -Type -Option*:  noanif 
■pr.-Knmrilng,  TTnw 


Content -Encoding:  gzip 
Content -Length:  162 
Keep-Alive : 


With  IE8,  Web  site  owners  disallow 
MIME-sniffing  practices. 


ers  and  administrators  off  the  hook  in  having  to  understand  what  MIME 
types  and  the  content-type  header  are  used  for  or  configure  them  in 
applications  or  on  servers,  the  result  is  a  window  for  unscrupulous  folks 
on  the  Internet  to  be  able  to  smuggle  content  past  any  security  or  net¬ 
work  filters  that  don't  perform  deep-packet  inspection  because  they 
only  look  at  header  or  file  extension.  When  MIME  smuggling  is  possible, 
XSS  attacks  also  become  possible  in  unexpected  situations,  such  as  a 
response  that  is  stamped  as  an  image,  but  actually  contains  a  malicious 
script  that  then  gets  executed. 

With  IE8  Web  site  managers  and  application  developers  can  turn  off 
MIME  sniffing  by  sending  the  X-Content-Type-Options:  nosniff  in 
responses,  which  should  be  set  by  Web  administrators  globally  in  Web 
server  responses. 


3.  Cross-site  request  forgery  —  old  solutions  still  rule 

Making sure that a request coming in to a Web server is coming from a
previously delivered page is one way to reduce clickjacking and
cross-site request forgery attacks. Checking the HTTP referer header is
the traditional way to do this, and can be accomplished using server
filters and application changes.

Interestingly, using the referer header does offer quite a reasonable
solution, but the fact that it is often dumped for privacy reasons has
slowed interest in applying this defense.

The technique, though, is fundamentally sound, so a new Origin header
is now emerging in the next-generation browsers that provides similar
functionality but with fewer privacy concerns. To reduce CSRF attacks,
setting and monitoring what sites and services can link to their sites
is an important task that administrators and application developers
should address together.
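One way to implement the source check described in this section, as an added example rather than code from the article: it prefers the Origin header, falls back to the referer, and makes the handling of a stripped header an explicit choice. The host names, TRUSTED_ORIGINS and the sample requests are constructed assumptions.

```javascript
// Added example (not from the article): source check for state-changing
// requests. TRUSTED_ORIGINS and all host names are illustrative assumptions.
const TRUSTED_ORIGINS = new Set(['https://shop.example.test']);
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Reduce an Origin or Referer value to scheme://host[:port]; null if unusable.
function toOrigin(value) {
  try {
    const origin = new URL(value).origin;
    return origin === 'null' ? null : origin;
  } catch (err) {
    return null;
  }
}

function checkRequestSource(method, headers, options = {}) {
  const trusted = options.trusted || TRUSTED_ORIGINS;
  const allowMissing = options.allowMissing === true; // default: fail closed

  if (SAFE_METHODS.has(method.toUpperCase())) {
    return { allow: true, via: null, reason: 'safe-method' };
  }
  // Header names are case-insensitive on the wire.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  let via = null;
  if (typeof h.origin === 'string' && h.origin !== '') via = 'origin';
  else if (typeof h.referer === 'string' && h.referer !== '') via = 'referer';

  // Both headers absent: the privacy-stripping case the article mentions.
  if (via === null) {
    return { allow: allowMissing, via, reason: 'no-source-header' };
  }
  // Compare parsed origins, never string prefixes of the raw header.
  const source = toOrigin(h[via]);
  if (source === null) return { allow: false, via, reason: 'unusable-value' };
  const ok = trusted.has(source);
  return { allow: ok, via, reason: ok ? 'trusted-origin' : 'foreign-origin' };
}

// Constructed sample requests.
const SAMPLE_REQUESTS = [
  { method: 'POST', headers: { Origin: 'https://shop.example.test' } },
  { method: 'POST', headers: { Referer: 'https://shop.example.test/cart?item=3' } },
  { method: 'POST', headers: { Referer: 'https://shop.example.test.elsewhere.example/cart' } },
  { method: 'POST', headers: { Origin: 'http://shop.example.test' } },
  { method: 'POST', headers: {} },
  { method: 'POST', headers: { Origin: 'null' } },
  { method: 'GET', headers: {} },
];

function runSamples() {
  return SAMPLE_REQUESTS.map((r) => checkRequestSource(r.method, r.headers));
}

for (const result of runSamples()) console.log(JSON.stringify(result));
```

Logging the 'no-source-header' rejections shows how many legitimate clients strip both headers before the check is enforced.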


4.  MIME  smuggling:  An  on/off  switch  in  IE8 

One annoying aspect of both the existing and upcoming versions of
Internet Explorer is that far too often when Microsoft makes things
easier for developers, it also consistently opens up troubling security
problems for users and site owners.


[Figure: Older browsers allow MIME-sniffing processes, which ease
development, but raise security concerns.]

5.  HTTP-only  cookies 

When XSS attacks are successful, they commonly attempt to echo or
manipulate cookies for session hijacking or account login purposes.
Firefox 2/3+ and IE 6 SP1+ support a cookie extension that makes it
illegal for JavaScript to read the cookie if it is flagged with an
“HTTPOnly” tag.

Setting the HTTPOnly tag in a cookie thwarts a rogue JavaScript that
would typically be inserted in an XSS attack from reading or changing a
cookie, and therefore knocks down many session hijacking problems.

This isn't the newest technology, as it has been supported since later
service patches of IE6, but the more recent releases of browsers are
widely supporting the idea, and finally cleaning up small details. That
makes it high time for this relatively rarely used feature to be more
widely deployed. Fortunately, the change generally can be configured
globally in application server settings and is particularly important
for session cookies.
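The following added example (not code from the article) parses Set-Cookie header values, models which cookies a page script could read, and lists session-like cookies that lack the flag. The session-name pattern is an assumed heuristic and the header values are constructed.

```javascript
// Added example (not from the article): which cookies can page script read,
// and which session cookies lack HttpOnly? SESSION_NAME_HINT is an assumed
// heuristic built from common default session cookie names.
const SESSION_NAME_HINT =
  /^(jsessionid|phpsessid|asp\.net_sessionid|sid|sess(ion)?(id)?)$/i;

// Parse one Set-Cookie header value into name, value and attribute map.
function parseSetCookie(line) {
  const parts = line.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no name=value pair: skipped by this audit
  const cookie = {
    name: first.slice(0, eq),
    value: first.slice(eq + 1), // the value may itself contain '='
    attrs: {},
  };
  for (const part of parts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  // Attribute names are case-insensitive; presence alone sets the flag.
  cookie.httpOnly = cookie.attrs.httponly !== undefined;
  return cookie;
}

// The string a script would get from document.cookie in a browser that
// honors the flag: flagged cookies are withheld.
function scriptVisible(setCookieLines) {
  return setCookieLines.map(parseSetCookie)
    .filter((c) => c && !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Session-like cookies that injected script could still read.
function findExposedSessionCookies(setCookieLines) {
  return setCookieLines.map(parseSetCookie)
    .filter((c) => c && SESSION_NAME_HINT.test(c.name) && !c.httpOnly)
    .map((c) => c.name);
}

// Constructed Set-Cookie values from a hypothetical application.
const SAMPLE_SET_COOKIE = [
  'JSESSIONID=8f3ac2d1; Path=/; httponly',
  'PHPSESSID=abc123; Path=/',
  'theme=dark; Path=/; Max-Age=31536000',
  'sid=xyz; Path=/; Secure; HttpOnly',
];

console.log('script sees :', scriptVisible(SAMPLE_SET_COOKIE));
console.log('needs flag  :', findExposedSessionCookies(SAMPLE_SET_COOKIE));
```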

6.  Cross-domain  access:  Pandora's  box? 

Traditionally, AJAX applications have not been able to break the same
origin security policy. Here, a page served from a fully qualified
domain name such as www.networkworld.com can't call a URL on another
domain. The restriction is specific to the point of denying a domain
that does not exactly match the string. So, for example,
networkworld.com by itself would be off limits for cross-domain access.
Such restrictions are quite purposeful and are there for our safety,
especially considering the dynamic nature of JavaScript.

Wily Web developers, though, want to build client-side mash-ups and
perform client-side Web service calls using various workarounds that
range from <iframe> and Flash to <script> tag-based communication
that at least partially circumvent this restriction.

In both Firefox 3.1 and IE8, browser vendors bend toward the desire for
neat cross-domain tricks and loosen the same origin policy by
implementing the W3C specification for cross-site access control. Posts
within the WebKit community show that official support for this in
Safari and Chrome is also upcoming. In Microsoft's case, the
XDomainRequest (XDR) object is used to make a cross-domain request.
Firefox simply uses the XMLHttpRequest itself.

In either case, sites receiving cross-origin requests can return the
Access-Control-Allow-Origin HTTP header to inform requesting URLs
whether they are allowed to make a cross-origin call or not. The
mechanism is somewhat similar to what Flash has supported with the
crossdomain.xml file. Unfortunately, as with Flash, we will likely see a
lot of wild-card values used for cross-origin requests regardless of
implementation, which provides little of the intended value of such
technology.

Developers and server administrators must get together and define a
cross-origin policy for their sites if they expose services. Also,
outbound cross-origin requests must be understood both by network and
application development teams if application security is to stand any
chance of being maintained.
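The added example below (not code from the article or from any browser vendor) shows the exact-match origin comparison from this section and a server-side decision that answers only allowlisted origins instead of returning a wild card. PARTNER_ORIGINS and the widgets.example.test host are assumptions chosen for illustration.

```javascript
// Added example (not from the article): same-origin comparison and an
// allowlist-driven Access-Control-Allow-Origin decision.
// PARTNER_ORIGINS is an assumed policy for a hypothetical service.
const PARTNER_ORIGINS = ['http://www.networkworld.com'];

// Two URLs share an origin only if scheme, host and port all match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Decide the response headers for a request carrying the given Origin value.
function accessControlHeaders(requestOrigin, allowlist) {
  if (!requestOrigin) return {}; // no Origin header: nothing to grant
  let origin;
  try {
    origin = new URL(requestOrigin).origin;
  } catch (err) {
    return {}; // unparseable value: no grant
  }
  if (origin === 'null' || !allowlist.includes(origin)) return {};
  // Echo the one matching origin; Vary keeps caches from reusing the
  // grant for a different requesting site.
  return { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
}

// Classify a header value found on a deployed service during review.
function reviewAllowOrigin(value) {
  if (value === undefined || value.trim() === '') return 'no-cross-origin-access';
  if (value.trim() === '*') return 'wildcard-any-site-may-read';
  return 'restricted-to ' + value.trim();
}

// Constructed checks using the article's own host names.
function runChecks() {
  return {
    wwwVsBare: sameOrigin('http://www.networkworld.com/news',
      'http://networkworld.com/news'),
    defaultPort: sameOrigin('http://www.networkworld.com/',
      'http://www.networkworld.com:80/feed'),
    httpVsHttps: sameOrigin('http://www.networkworld.com/',
      'https://www.networkworld.com/'),
    partner: accessControlHeaders('http://www.networkworld.com', PARTNER_ORIGINS),
    bareDomain: accessControlHeaders('http://networkworld.com', PARTNER_ORIGINS),
    stranger: accessControlHeaders('http://widgets.example.test', PARTNER_ORIGINS),
    wildcard: reviewAllowOrigin('*'),
  };
}

console.log(JSON.stringify(runChecks(), null, 2));
```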

Part  II:  Networking 

While not as abundant as security changes, there is an interesting set
of features being rolled into Web browsers to improve performance.
Google’s Chrome contains new compression and request reduction
features. It is quite likely similar changes are going to be
implemented widely as Web applications in need of speed take advantage
of such features.

7.  Two-connection  limit  broken 

Traditionally, HTTP 1.1 compliant browsers will limit persistent
connections to two per domain. IE8 and Firefox 3+ have upped this limit
to six when broadband is used. In non-persistent connections, the
values are potentially much higher. The other browsers also have mostly
removed the connection limit and thus the two-connection limit will
become a moot point.

These browser request limit changes will have the effect of potentially
increasing simultaneous request load on servers so site administrators
should be more aware of what their server capacity is, as it may take
fewer users to reach such limits.

8.  Precaching  DNS  lookups  and  more 

With many sites using multiple scripts from other domains for
analytics, widgets and a wide variety of Web services, a single page may
include many more DNS look-ups than ever before. Given the variable
resolution time of domains, such look-ups can really slow a page
rendering down. Both Chrome and Firefox 3.1 have DNS pre-resolution
features built into them.

Pre-fetching to improve performance is not a new idea in the browser
realm. Firefox has long supported the ability to pre-fetch content with
an HTML tag like <link rel="prefetch" href="fatimage.jpeg"> or an HTTP
header such as Link: <fatimage.jpeg>; rel=prefetch. Regardless of
scheme, though, pre-fetching does have the downside of potentially
performing network actions that may not be needed.

Network administrators might see DNS query increases as these browsers
become more popular. The use of content pre-fetching techniques should
be discussed with application developers to ensure that they are used
purposefully to improve user performance or are limited in order to
preserve server and network capacity.

9.  Protocol  changes  on  the  horizon 

Chrome has introduced a number of low-level features that have seemed
to fly under the radar, but certainly need some attention from IT
organizations. First, Google implemented the bzip2 protocol for
transparent HTTP compression, which has significant potential savings
for large text payloads over the commonly employed gzip algorithm.

Chrome has also silently introduced the Shared Dictionary Compression
over HTTP (SDCH), which is, coincidentally, also found in the Google
toolbar. This protocol allows for a common dictionary file to be sent
and pages automatically built from pieces of the dictionary that
contain differences in content. Given that Web documents often share
the same HTML document template, CSS and JavaScript information, a
differencing-focused protocol such as SDCH could significantly reduce
the amount of repetitive content sent as subsequent pages are
delivered.

[Figure: Google has introduced Shared Dictionary Compression with
Chrome browser.]

Network administrators should explore newer compression and request
optimization schemes to improve site access speed for users and provide
more scalability without further hardware and network investment.

10.  Off  the  network 

One of the major changes introduced in recent browsers is the support
for offline access. Storing data is the first step in going offline.
Most of the modern browsers including IE8, Firefox 2+ and Safari
implement the DOM storage mechanism to save a fairly large amount of
data locally. Safari even supports HTML 5 database style storage
locally which is likely coming to other HTML 5 focused browsers soon.

Firefox, with improvements included in version 3.1, also supports an
application cache. Both IE8 and Firefox support the JavaScript property
navigator.onLine to detect the connection state of the browser,
demonstrating the fact that soon browsers will not have to rely on
add-ons such as Google Gears to work when disconnected.

For now there is little for the administrator to do in light of the
technology changes, but these ideas foreshadow that in the
not-too-far future the line between Web and standard applications will
blur to the point that any application deployment and management
practices in play will have to apply to both.

[Figure: New browsers adhering to the CSS3 specs will give users a
richer palette.]

Web developers have long maligned the Internet Explorer browser family
for not properly supporting HTML and CSS standards. Workarounds and
hacks are commonly required to make IE6 and even IE7 render some
layouts properly.

With the introduction of IE8, many of these hacks will no longer be
needed, but unfortunately, when the newer browser encounters the old
"fixes", page layouts may break. Microsoft provides the user with a
special compatibility mode button to press in case a site doesn't
render correctly.

However, rather than force users to fix your site, it is better to add
a patch until the pages can be modified. An HTML tag such as <meta
http-equiv="X-UA-Compatible" content="IE=EmulateIE7"> or the equivalent
HTTP header X-UA-Compatible: IE=EmulateIE7 delivered site wide will
flip Explorer into another mode in case a site can't be changed soon
enough.

Web server administrators are well advised to consider looking right
away at adding such a response header globally. Unless the Web team has
made fixes to a site's HTML and CSS, an emergency request for this
quick fix may be in order when IE8 is in widespread use.

12.  CSS  3  preview 

While Microsoft was busy addressing older CSS1 and 2 specifications,
the other browser vendors were quickly implementing various CSS3
features including rounded corners, border images, multiple columns,
drop shadows, downloadable fonts and more.

A richer palette is on the way, and because of the use of prefixing of
rules, like -webkit and -moz, on these newer CSS properties, many of
the features can be layered into documents for those with the latest
technologies without affecting users hitting the same pages with older
browsers.

Not much impact here for the administrator other than — like other
users — to enjoy a continued improvement in Web experience with newer
browsers.

14. JavaScript — new features of note

Part of the motivation for running code faster is that browsers will
interrupt long-running scripts in order to mitigate possible browser
lockup. While such a safety net can be useful given how important
JavaScript is becoming, limiting what you can do with it isn't the best
idea. Firefox 3.1 introduces the concept of Web workers, which allow
JavaScript developers to run some JavaScript tasks in the background.
Previously, if developers have wanted to accomplish this, they would
have to pull nasty tricks or tap into Google Gears.

Lesser discussed, but still important, changes have been introduced to
JavaScript at the feature level. Emerging support for the W3C Selectors
API allows JavaScript applications to use CSS selectors to select DOM
elements using a method such as document.querySelectorAll(). Native
support for such DOM features will make many JavaScript libraries such
as jQuery much faster. Likewise, native JSON encode and decode support
is found in both IE8 and Firefox 3.1, which not only improves
performance of some AJAX applications that rely on such
transformations, but may improve security somewhat as well.

Similar to the massive CSS changes, JavaScript speed and feature
improvements will likely just make Web applications more enjoyable for
all as we continue to march to a Web-focused application environment.

15.  HTML  5  features  today? 

Some might characterize HTML 5 as a kitchen sink specification. It
addresses the future of markup in a world barely interested in writing
valid markup now, let alone XML-focused markup like XHTML, alongside
Web application ideas ranging from offline usage, push communication
and drawing.

Yet, out of this wild specification, useful features are landing much
faster than most realize. Already Safari 3 and 4 and Firefox 3.1
support multimedia with HTML 5’s <audio> and <video> tags. The least
HTML 5-aware browser, IE8, does support some things like DOM Storage
and appears to happily coexist with emerging HTML 5 elements with
simple fixes applied.

Newer HTML 5 features introduce more browser complexity than ever
before and lead to a clear "fat client" approach to applications.
Network administrators should be well aware which of the emerging
features employed by Web applications they need to support as speed and
security concerns could be undesirable side effects of their
introduction.


13.  JavaScript  —  the  need  for  speed 

Much has been made of the JavaScript performance gains in new browsers.
With the exception of IE8, all are sporting new JavaScript engines with
fun names like V8 in Chrome, Squirrelfish in Safari, TraceMonkey in
Firefox 3.1 and Carakan in Opera 10.

Statements from Microsoft suggest that after IE8 launches,
improvements on that front are likely to be forthcoming as well. We've
looked at performance previously, but depending on the benchmark and
the latest build, the standings inevitably change rapidly. Until the
dust starts to settle, we'll simply state JavaScript is getting faster
in every browser.

Interestingly  network  administrators  may  enjoy  some  unearned 


Enjoying  the  spoils  of  the  browser  wars 

While  there  is  disruptive  change  ahead  to  contend  with,  the  spoils  of 
the  continuing  browser  wars  go  to  us  —  the  Web  developers  and  site 
administrators.  Slicker  tabs  and  "awesome"  URL  bars  might  be  nice  for 
the  user,  but  seeing  browser  vendors  finally  get  around  to  fixing  and 
improving  browser  security,  network  considerations  and  development 
infrastructure  is  sure  to  pay  more  dividends  in  the  future. 

Powell is a member of the Network World Test Alliance and is an author
of numerous Web development books. He can be reached at
tpowell@pint.com.

NEWS ANALYSIS


Intel  revamps  server  chip  lineup 


BY  JON  BRODKIN 

Intel has finally unveiled the details of its highly anticipated new
Xeon processors, a line of 17 chips for workstations and servers that
contain many advances related to power use, virtualization and speed.

Code-named Nehalem, the Xeon 3500 and Xeon 5500 processors were
announced by Intel last week, and vendors such as IBM, HP and Dell
released platforms based on the chips. Intel said it shipped hundreds
of thousands of chips to server makers in advance of the launch, in
hopes that customers will clamor for more powerful systems despite the
economic downturn. Intel calls this launch the most significant revamp
of its server chip line since the 1995 release of the Pentium Pro.

“We expect this to be one of the broadest rollouts of new technologies
and a new platform, and hopefully a nice kick for the economy for
people who have been waiting to buy new servers,” said Shannon Poulin,
Xeon platform director in Intel’s Server Products Group.

Even before the chips were announced by Intel, workstation vendors such
as Dell, Lenovo and Apple had announced products based on Nehalem.
Dell, for example, released three high-powered workstations with as
many as eight cores, while crediting Intel with various innovations
related to multi-threading and power usage. Dell said it was seeing 5%
to 20% performance improvement for single-threaded applications and as
much as 90% speed boosts for some types of multi-threaded applications.

Servers based on quad-core Xeon chips were announced by IBM, HP and
Dell, who said their new servers will be significantly faster than
older ones because the Nehalem microarchitecture improves data
throughput by cutting bottlenecks that plagued older chips.

HP’s Paul Gottsegen, vice president of server marketing, lauded Intel
for optimizing the performance of workloads running on virtual servers.
“The hardware assist you get with virtualization in Nehalem is
dramatic,” he said. “With Nehalem, it’s so fast that you have to make
sure the rest of the system is keeping up.”

Sun announced that it has optimized its Solaris and OpenSolaris
operating systems to take advantage of performance, scalability and
energy efficiency gains in the Intel processors.

Intel’s new processors have an on-chip memory controller and use
Intel’s QuickPath Interconnect technology instead of a front-side bus
to triple the memory bandwidth available to the processors.

The chips also have a feature, called Turbo Boost, that can over-clock
one or more cores on the chip to deal with a heavier processing load.
The server versions of the chips are rated to run at speeds up to
2.93GHz, but Turbo Boost can temporarily raise this to 3.3GHz under
certain conditions. The workstation chips get a similar boost from
3.2GHz to 3.46GHz.

While the chips announced last week are for one- and two-socket
systems, Intel is preparing four- and eight-socket products that will
hit the market late this year or early in 2010.

The IDG News Service contributed to this report.


Cybersecurity 

continued  from  page  12 

In addition, an agency appointed by the president would control how and
when systems are restored.

The power could conceivably extend to large service provider networks
such as those run by Google, Microsoft, AOL, Yahoo and others that
offer online services and applications to corporations and consumers.

“We are currently studying this legislation,” says Dan Martin, a
spokesman for Google. “Security has been a priority at Google from the
beginning of the company — we recognize that secure products are
instrumental in maintaining the trust our users place in us.”

Proponents including officials from the Center for Strategic and
International Studies (CSIS) say the legislation is comprehensive and
reflects the need for thorough debate around digital security that is
long overdue.

The bill was introduced by Sen. John Rockefeller (D-WVa.), the chairman
of the Senate Committee on Commerce, Science and Transportation, and
Sen. Olympia Snowe (R-Maine). Rockefeller said in a statement the bill
loosely parallels the recommendations presented in December to Obama by
a CSIS panel. The panel recommended naming an assistant for cyberspace
and a National Security Council director to coordinate government
response to cyber threats.

The 51-page Rockefeller/Snowe bill calls for the appointment of a
national cybersecurity adviser that reports directly to the president.

“[Rockefeller/Snowe] got input from a lot of sources, including the
CSIS report, so there is more there than we had laid out. It’s a strong
bill,” says Jim Lewis, director and senior fellow in the technology and
public policy program at CSIS.

The bill aims to unite both public and private network operators,
including corporations, in developing regulations for defending
computer systems before and during cyberattacks.

Rockefeller says the legislation addresses the threat to private sector
infrastructure such as banking, utilities, air/rail/auto traffic
control and telecommunications.

CDT’s Harris says there is likely to be much concern from the private
sector. In CDT’s evaluation of the bill’s language, Harris says: “We
read this bill to say it sets a technical standard and one way to do
things.”

She says the government could establish standards on how to configure
software and on security configurations that would apply to anything
the president says is critical infrastructure.

“If you are a bank or a communications network and you are critical
infrastructure you have to meet those standards,” Harris says. Such a
mandate, she says, would undermine innovation and weaken security
because all critical infrastructure would be running the same
technology that once compromised would see networks fall like dominoes.

But it is that kind of input that the bill is designed to draw out,
CSIS’ Lewis says.

“It takes a broad brush approach,” he says. “No previous U.S. effort
has been as comprehensive, and that’s one of the main reasons all our
previous efforts failed. This is a big step forward,” he says.

Owning your own data


BACKSPIN 

Mark  Gibbs 


The idea of you “owning” the data about yourself is both emotionally
and intellectually appealing. This data, which ranges from the critical
(your medical and financial records) to the theoretically trivial (what
you buy and search for, and which Web sites you visit) defines,
quantifies and describes your preferences, resources, habits and
health. It is a proxy for you. It is also what every marketer in the
entire commercial universe wants to get their hands on.

Currently this data is smeared across thousands of different locations
in hundreds of formats ranging from paper forms at your chiropractor’s
office to digital records captured by the supermarkets you frequent to
the often erroneous credit profiles kept about you in the vast data
warehouses of companies such as Experian and Equifax. It is stored by
the IRS, lost by TJX and analyzed by anyone who can get their hands on
it.

This data might be high grade (for example, your tax returns and
medical records are in-depth, detailed and specific), or low grade
(such as your Google searches and your click stream as you navigate
Amazon). But whatever the source or the quality, that data has value
and it is guaranteed that someone, somewhere, considers even the
smallest part of it worth exploiting.

Just consider the various customer loyalty programs that supermarkets
run. You enter your ID and the detailed knowledge about what and when
you buy gives them an in-depth, detailed and very personal profile of
you. They know what kind of plonk you drink and even your favorite
brand of hemorrhoid cream.

Now, if you truly owned any of your data then you’d be able to control
who gets access to it, what parts and how much of it they could see,
how long they could retain it and what exactly they could do with it.
That is, of course, exactly what the commercial world doesn’t want.

Let’s first consider what it would mean to own your own data. Owning
anything is a responsibility and in the case of data, requires a lot of
sophistication and knowledge if you’re going to do it effectively and
reliably. In the case of your personal data it means verifying,
organizing, categorizing, storing, updating, archiving and securing it,
along with negotiating its release, its deployment and its use with and
by interested parties. That looks a lot like work.

Well, people are working on technologies and services that aim to make
personal data management easy and effective. At Harvard University’s
Berkman Center for Internet and Society, for example, there is Project
VRM. The goal is to develop a set of tools for Vendor Relationship
Management (VRM), which has been described as the reciprocal of CRM as
practiced by businesses.

I recently talked to Joe Andrieu, CEO of start-up SwitchBook, and he’s
passionate about the need for VRM. SwitchBook plans to help you manage
your Internet searching such that your activities are organized and
what you’re looking for is kept private — what the company calls “user
driven search”. Andrieu says SwitchBook will implement the policies and
methodologies for VRM, all of which is great.

But the problem I foresee is that without real privacy laws, with user
interest in managing one’s own data currently almost non-existent, and
with nothing even remotely approaching a public dialog on how our data
is routinely used and abused, how can VRM work? The fact is our society
needs VRM and needs it now. So, how can we, the IT industry, the only
people who “get it”, help the rest of the world get it?

Gibbs has implemented reader relationship management in Ventura, Calif.
Dump your data to backspin@gibbs.com.


The  FCC  teaches  me  a  lesson 


NETBUZZ 

News,  Insights,  oddities 


Four  separate  times  over  the  course  of 
eight  densely  typewritten  pages,  the  letter 
from  the  Federal  Communications 
Commission  to  me  mentions  the  Paperwork 
Reduction  Act  of  1995. 

Allow  me  to  fully  explain  the  irony 
Six  months  ago  I  filed  a  complaint  online 
with  the  FCC  about  mistreatment  suffered  by 
my  family  at  the  hands  of  a  run-amok  Verizon 
robo-call  system.  I  recently  received  a  response 
from  the  agency  via  snail-mail  ...  which  given  that  a  half-year  had 
elapsed  since  my  complaint,  could  conceivably  have  been  delivered 
by  an  actual  snail. 

Yet  tardiness  isn’t  the  crux  of  this  “your  tax  dollars  at  work”  tale. 

While  we  had  previously  encountered  difficulties  with  Verizon,  this 
one  was  particularly  egregious  both  because  it  was  particularly 
egregious,  and  because  it  occurred  while  my  wife  was  home  and  I  was 
nestled  in  a  quiet  hotel  room  a  full  continent  away.  As  any  business 
traveler  knows,  nothing  conducts  heat  like  a  telephone  line,  so  upon 
my  return  I  decided  to  do  something  that  I  cannot  recall  ever  having 
done  before:  file  a  formal,  written  complaint. 

I  never  expected  anything  to  come  of  my  complaint,  of  course.  Like 
most  people,  I  just  figured  that  it  would  be  added  to  the  pile. 

Yet  just  the  other  day  that  reply  arrived.  The  first  paragraph  of  the 
massive  missive  reads:  “This  letter  is  in  response  to  your  complaint  filed 
with  the  Federal  Communications  Commission  (FCC).  We  are 
reviewing  your  complaint  and  will  contact  you  if  any  further  information  is 
needed.  Thank  you  for  filing.” 

That’s  it.  Oh,  that  was  just  the  start  of  those  eight  densely  typewritten 
pages  with  the  four  separate  mentions  of  the  Paperwork  Reduction  Act 
of  1995,  but  those  three  sentences  represent  the  sum  total  of  what  one 
might  call  pertinent  information  contained  in  the  correspondence. 

In  other  words,  the  FCC  took  eight  densely  typewritten  pages  to  tell 
me  it  had  received  my  complaint  six  months  ago  and  would  be  in 
touch  if  there  was  any  other  way  in  which  I  could  be  of  assistance. 

I’ll  briefly  summarize  the  rest  of  the  letter,  which,  in  an  apparently 
genuine  bow  to  the  Paperwork  Reduction  Act  of  1995,  covered  both 
sides  of  four  sheets  of  paper: 

Page  2  has  my  name,  address,  telephone  number  and  e-mail. 

Page  3  tells  me  where  the  FCC  is  located  and  brings  us  the  first 
mention  of  the  Paperwork  Reduction  Act  of  1995. 

Page  4  is  so  densely  typewritten  that  only  lawyers  are  allowed  to 
read  it. 

Page  5  babbles  a  bit  about  privacy  in  addition  to  providing  the 
second  citation  of  the  Paperwork  Reduction  Act  of  ...  what  year,  people? 
Are  you  paying  attention? 

Page  6  reminds  me  where  I  live  and  how  I  might  get  in  touch  with 
myself  before  providing  a  verbatim  account  of  the  complaint  that  I 
typed  six  months  ago. 

Page  7  makes  sure  I  got  that  FCC  address,  all  right,  before  reiterating 
the  primacy  of  the  You  Know  What  Reduction  Act  of  You  Know  When. 

Page  8  features  more  of  that  lawyerly  stuff  before  concluding  with 
one  last  helping  of  The  Paperwork  Reduction  and  Irony  Enablement 
Act  of  1995. 

Trust  me,  I  never  would  have  filed  the  complaint  —  never,  never, 
never  —  had  I  known  that  trees  would  die  so  needlessly. 

One  last  point:  The  return  address  on  the  letter  reveals  it  was  sent 
not  from  Washington,  D.C.,  but  rather  from  an  FCC  facility  in 
Gettysburg,  Pa.  Abraham  Lincoln,  whose  historic  address  there  required 
fewer  than  300  words,  would  be  mortified. 

Save  paper,  the  address  is  buzz@nww.com. 